CVE-2022-23869
via "National Vulnerability Database".
In RuoYi v4.7.2, user test1 does not have permission through the WebUI to reset the password of user test3, but the password of user test3 can still be reset through the /system/user/resetPwd request.
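The RuoYi entry describes a classic missing object-level authorization check: the caller holds the function permission for the reset screen, so the server accepts any userId in the POST body. The following is an added illustration written for this page, not RuoYi's code; the user/role data, the "system:user:resetPwd" permission string and the three-level data_scope model are constructed assumptions for the demo, and it contrasts the broken pattern with a handler that also authorizes the target user.

```python
"""Illustrative example (not RuoYi's code): why a password-reset endpoint must
authorise the *target* of the request, not just the caller's menu permission.

All user/role data below is constructed for the demo; the permission string
and the data_scope model ("all" | "dept" | "self") are assumptions."""
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: int
    username: str
    dept_id: int
    permissions: set = field(default_factory=set)
    data_scope: str = "self"      # hypothetical scope model: "all" | "dept" | "self"
    password_hash: str = "old"


class Forbidden(Exception):
    pass


# Constructed sample data: admin has global scope, test1 may reach the reset
# screen but only for itself, test3 is an unrelated user in another department.
USERS = {
    1: User(1, "admin", dept_id=100, permissions={"system:user:resetPwd"}, data_scope="all"),
    2: User(2, "test1", dept_id=100, permissions={"system:user:resetPwd"}, data_scope="self"),
    3: User(3, "test3", dept_id=200, permissions=set(), data_scope="self"),
}


def reset_pwd_vulnerable(actor_id: int, target_id: int, new_hash: str) -> str:
    """Broken pattern: checks only that the caller holds the function permission.
    Anyone who can open the screen can reset *any* user's password by editing
    the userId in the POST body."""
    actor = USERS[actor_id]
    if "system:user:resetPwd" not in actor.permissions:
        raise Forbidden("missing function permission")
    target = USERS[target_id]
    target.password_hash = new_hash
    return target.username


def can_act_on(actor: User, target: User) -> bool:
    """Object-level check: is `target` inside the caller's data scope?"""
    if actor.data_scope == "all":
        return True
    if actor.data_scope == "dept":
        return actor.dept_id == target.dept_id
    return actor.user_id == target.user_id


def reset_pwd_fixed(actor_id: int, target_id: int, new_hash: str) -> str:
    """Hardened pattern: function permission AND per-object authorisation,
    both evaluated server-side regardless of what the UI showed."""
    actor = USERS[actor_id]
    if "system:user:resetPwd" not in actor.permissions:
        raise Forbidden("missing function permission")
    target = USERS[target_id]
    if not can_act_on(actor, target):
        raise Forbidden(f"{actor.username} may not reset {target.username}")
    target.password_hash = new_hash
    return target.username


def outcome(handler, actor_id: int, target_id: int, new_hash: str) -> str:
    """Run a handler and report the result as a string (for comparison)."""
    try:
        return handler(actor_id, target_id, new_hash)
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    print("vulnerable, test1 -> test3:", outcome(reset_pwd_vulnerable, 2, 3, "h1"))
    print("fixed,      test1 -> test3:", outcome(reset_pwd_fixed, 2, 3, "h2"))
    print("fixed,      admin -> test3:", outcome(reset_pwd_fixed, 1, 3, "h3"))
```

The point to test for in a review is the second check: the function permission says "may use this feature", the data-scope check says "may use it on this record". A UI that hides the button for out-of-scope users is not a control; the request can be replayed with any userId.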
CVE-2022-1178
via "National Vulnerability Database".
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVE-2022-1155
via "National Vulnerability Database".
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
CVE-2022-1154
via "National Vulnerability Database".
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1181
via "National Vulnerability Database".
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
CVE-2022-24131
via "National Vulnerability Database".
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the admin backend, which leads to JavaScript code execution.
CVE-2022-1180
via "National Vulnerability Database".
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVE-2022-1179
via "National Vulnerability Database".
A non-privileged user can create a new rule, leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
How Security Complexity Is Being Weaponized
via "Dark Reading".
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.
“Dangerous” EU web authentication plan threatens to undercut browser-led certification system, detractors claim
via "The Daily Swig".
Signatories to a letter criticizing the EU scheme share their misgivings with The Daily Swig.
Zlib data compressor fixes 17-year-old security bug - patch, errrm, now
via "Naked Security".
This code is venerable! Surely all the bugs must be out by now?
SQL injection protections in ImpressCMS could be bypassed to achieve RCE
via "The Daily Swig".
Features designed to protect against SQL injection could be abused and turned against the host application.
World Backup Day: 5 data recovery tips for everyone!
via "Naked Security".
The only backup you will ever regret is the one you didn't make.
Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk
via "Dark Reading".
Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.
CVE-2022-25619
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
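A "ping" feature in a web admin panel is the textbook home of command injection: the host the user types gets interpolated into a shell line. The following is an added example written for this page, not SambaBox's code, and it does not reproduce the SambaBox bug; it shows the generic vulnerable pattern beside a hardened builder that validates the target as an IP address or RFC 1123 hostname and returns an argv list to be run without a shell. The sample inputs are constructed.

```python
"""Illustrative example (not SambaBox's code): a ping helper that interpolates
user input into a shell string, beside a hardened version that validates the
target and produces an argv list so no shell ever parses the input.
Sample inputs in the tests and __main__ block are constructed."""
import ipaddress
import re

# RFC 1123 hostname label: letters/digits/hyphens, no leading or trailing hyphen,
# at most 63 characters. A leading hyphen being impossible also means a
# validated target can never be parsed by ping as an option.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def build_ping_vulnerable(target: str) -> str:
    """Broken pattern: builds a single shell string from user input.
    Run with shell=True, a target like "127.0.0.1; id" executes two commands,
    and "$(id)" or backticks are expanded by the shell before ping runs."""
    return f"ping -c 1 {target}"


def is_valid_target(target: str) -> bool:
    """Accept only a literal IPv4/IPv6 address or a syntactically valid hostname.
    Anything containing shell metacharacters, whitespace or a leading '-' fails."""
    if not target or len(target) > 253:
        return False
    try:
        ipaddress.ip_address(target)   # raises ValueError if not an IP literal
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.fullmatch(target) is not None


def build_ping_argv(target: str) -> list[str]:
    """Hardened pattern: validate first, then return an argv list.
    Hand this to subprocess.run(argv) (shell=False, the default) so the target
    reaches ping as one argument and is never interpreted by a shell."""
    if not is_valid_target(target):
        raise ValueError(f"rejected ping target: {target!r}")
    return ["ping", "-c", "1", target]


if __name__ == "__main__":
    # Constructed inputs: one benign, three hostile.
    for candidate in ["host.example.com", "127.0.0.1; id", "$(id).example.com", "-c"]:
        print(f"{candidate!r:24} shell string: {build_ping_vulnerable(candidate)!r}")
        try:
            print(f"{'':24} argv:         {build_ping_argv(candidate)}")
        except ValueError as exc:
            print(f"{'':24} {exc}")
```

Two design choices matter here. The validator is an allow-list (what a host may look like), not a deny-list of characters, so new shell tricks do not slip through. And the hardened builder fixes the argument structure rather than escaping: once the target is a single argv element, the shell is out of the picture entirely, and quoting or escaping it becomes unnecessary.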
CVE-2022-25620
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
Lapsus$ “Back from Vacation”
via "Threat Post".
Lapsus$ added IT giant Globant plus 70GB of leaked data, including admin credentials for scads of customers' DevOps platforms, to its hit list.
Google Chrome Bug Actively Exploited as Zero-Day
via "Threat Post".
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
Spring Cloud framework commits patch for code injection flaw
via "The Daily Swig".
A fix appears to have been pushed but is not available in a stable release yet.
“VMware Spring Cloud Function” Java bug gives instant remote code execution - update now!
via "Naked Security".
Easy unauthenticated remote code execution - PoC code already out.
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
via "Dark Reading".
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.