🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44127 ‼

In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.

📖 Read

via "National Vulnerability Database".
424 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-26598 ‼

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).

📖 Read

via "National Vulnerability Database".
387 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26273 ‼

EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.

📖 Read

via "National Vulnerability Database".
359 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45491 ‼

3CX System through 2022-03-17 stores cleartext passwords in a database.

📖 Read

via "National Vulnerability Database".
309 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44208 ‼

OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.

📖 Read

via "National Vulnerability Database".
251 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26268 ‼

Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.

📖 Read

via "National Vulnerability Database".
218 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-26599 ‼

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.

📖 Read

via "National Vulnerability Database".
197 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-24303 ‼

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

📖 Read

via "National Vulnerability Database".
194 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-26600 ‼

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44617 ‼

A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26259 ‼

A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26255 ‼

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.

📖 Read

via "National Vulnerability Database".
201 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44213 ‼

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.

📖 Read

via "National Vulnerability Database".
208 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-26258 ‼

D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp.

📖 Read

via "National Vulnerability Database".
216 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-45490 ‼

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

📖 Read

via "National Vulnerability Database".
228 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44211 ‼

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.

📖 Read

via "National Vulnerability Database".
260 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-26601 ‼

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.

📖 Read

via "National Vulnerability Database".
285 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44210 ‼

OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.

📖 Read

via "National Vulnerability Database".
333 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44209 ‼

OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.

📖 Read

via "National Vulnerability Database".
397 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-44212 ‼

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.

📖 Read

via "National Vulnerability Database".
407 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-27950 ‼

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

📖 Read

via "National Vulnerability Database".
446 views