βΌ CVE-2022-26280 βΌ
π Read
via "National Vulnerability Database".
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43103 βΌ
π Read
via "National Vulnerability Database".
A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43097 βΌ
π Read
via "National Vulnerability Database".
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26296 βΌ
π Read
via "National Vulnerability Database".
BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26642 βΌ
π Read
via "National Vulnerability Database".
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.π Read
via "National Vulnerability Database".
π΄ Low-Code/No-Code Tools Are Popular, But Untrusted π΄
π Read
via "Dark Reading".
While low-code and no-code tools make application development more flexible, they open up security flaws.π Read
via "Dark Reading".
Dark Reading
Low-Code/No-Code Tools Are Popular but Untrusted
While low-code and no-code tools make application development more flexible, they open up security flaws.
βΌ CVE-2022-0331 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44581 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26269 βΌ
π Read
via "National Vulnerability Database".
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45866 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23937 βΌ
π Read
via "National Vulnerability Database".
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24956 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25521 βΌ
π Read
via "National Vulnerability Database".
UNNO v03.11.00 was discovered to contain access control issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25420 βΌ
π Read
via "National Vulnerability Database".
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24957 βΌ
π Read
via "National Vulnerability Database".
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45865 βΌ
π Read
via "National Vulnerability Database".
A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.π Read
via "National Vulnerability Database".
ποΈ Ukrainian ISP used by military disrupted by βpowerfulβ cyber-attack ποΈ
π Read
via "The Daily Swig".
Russia blamed after internet knocked offline for many across the countryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ukrainian ISP used by military disrupted by βpowerfulβ cyber-attack
Russia blamed after internet knocked offline for many across the country
βΌ CVE-2022-23059 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the Γ’β¬ΕManage ImagesΓ’β¬οΏ½ tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.π Read
via "National Vulnerability Database".
π1
ποΈ HTML parser bug triggers Chromium XSS security flaw ποΈ
π Read
via "The Daily Swig".
Websites thought to be XSS-protected could have been unintentionally exposed to XSS attacks in Chrome sessionsπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
β Exchange Servers Speared in IcedID Phishing Campaign β
π Read
via "Threat Post".
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.π Read
via "Threat Post".
Threat Post
Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
βοΈ Hackers Gaining Power of Subpoena Via Fake βEmergency Data Requestsβ βοΈ
π Read
via "Krebs on Security".
There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can't wait for a court order because it relates to an urgent matter of life and death.π Read
via "Krebs on Security".
Krebs on Security
Hackers Gaining Power of Subpoena Via Fake βEmergency Data Requestsβ
There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied toβ¦