‼ CVE-2021-45900 ‼
📖 Read
via "National Vulnerability Database".
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33523 ‼
📖 Read
via "National Vulnerability Database".
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33581 ‼
📖 Read
via "National Vulnerability Database".
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26645 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46007 ‼
📖 Read
via "National Vulnerability Database".
totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26646 ‼
📖 Read
via "National Vulnerability Database".
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46009 ‼
📖 Read
via "National Vulnerability Database".
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24299 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.📖 Read
via "National Vulnerability Database".
👏1
‼ CVE-2022-27496 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23183 ‼
📖 Read
via "National Vulnerability Database".
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28128 ‼
📖 Read
via "National Vulnerability Database".
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20729 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26019 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1191 ‼
📖 Read
via "National Vulnerability Database".
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22986 ‼
📖 Read
via "National Vulnerability Database".
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25348 ‼
📖 Read
via "National Vulnerability Database".
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25915 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.📖 Read
via "National Vulnerability Database".
🗓️ US healthcare data breach impacts 85,000 law enforcement officers 🗓️
📖 Read
via "The Daily Swig".
Law Enforcement Health Benefits was hit by a ransomware attack last year📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US healthcare data breach impacts 85,000 law enforcement officers
Law Enforcement Health Benefits was hit by a ransomware attack last year
👍2
‼ CVE-2022-24136 ‼
📖 Read
via "National Vulnerability Database".
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1176 ‼
📖 Read
via "National Vulnerability Database".
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.📖 Read
via "National Vulnerability Database".
🗓️ Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner 🗓️
📖 Read
via "The Daily Swig".
Attacks could be mounted via manipulation of query operators in search criteria📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner
Attacks could be mounted via manipulation of query operators in search criteria