‼ CVE-2022-26645 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46007 ‼
📖 Read
via "National Vulnerability Database".
totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26646 ‼
📖 Read
via "National Vulnerability Database".
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46009 ‼
📖 Read
via "National Vulnerability Database".
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24299 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.📖 Read
via "National Vulnerability Database".
👏1
‼ CVE-2022-27496 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23183 ‼
📖 Read
via "National Vulnerability Database".
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28128 ‼
📖 Read
via "National Vulnerability Database".
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20729 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26019 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1191 ‼
📖 Read
via "National Vulnerability Database".
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22986 ‼
📖 Read
via "National Vulnerability Database".
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25348 ‼
📖 Read
via "National Vulnerability Database".
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25915 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.📖 Read
via "National Vulnerability Database".
🗓️ US healthcare data breach impacts 85,000 law enforcement officers 🗓️
📖 Read
via "The Daily Swig".
Law Enforcement Health Benefits was hit by a ransomware attack last year📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US healthcare data breach impacts 85,000 law enforcement officers
Law Enforcement Health Benefits was hit by a ransomware attack last year
👍2
‼ CVE-2022-24136 ‼
📖 Read
via "National Vulnerability Database".
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1176 ‼
📖 Read
via "National Vulnerability Database".
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.📖 Read
via "National Vulnerability Database".
🗓️ Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner 🗓️
📖 Read
via "The Daily Swig".
Attacks could be mounted via manipulation of query operators in search criteria📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner
Attacks could be mounted via manipulation of query operators in search criteria
❌ A Blockchain Primer and a Bored Ape Headscratcher – Podcast ❌
📖 Read
via "Threat Post".
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.📖 Read
via "Threat Post".
🕴 Nation-State Hackers Ramp Up Ukraine War-Themed Attacks 🕴
📖 Read
via "Dark Reading".
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.📖 Read
via "Dark Reading".
Dark Reading
Nation-State Hackers Ramp Up Ukraine War-Themed Attacks
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
❌ QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug ❌
📖 Read
via "Threat Post".
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.📖 Read
via "Threat Post".
Threat Post
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.