CVE-2021-42869
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages.
CVE-2021-43478
via "National Vulnerability Database".
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2021-42868
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in the (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages.
CVE-2021-42866
via "National Vulnerability Database".
A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php.
CVE-2022-22311
via "National Vulnerability Database".
IBM Security Verify Access could allow a user, using man-in-the-middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.
CVE-2021-42867
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in the (1) admin/config and (2) index.php pages.
CVE-2021-36625
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
CVE-2021-42946
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in htmly 2.8.1 via the Copyright field in the /admin/config page.
CVE-2021-37517
via "National Vulnerability Database".
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service.
Global BEC Crackdown Nets 65 Suspects
via "Dark Reading".
FBI and international law enforcement agencies execute "Operation Eagle Sweep."
Ransomware: Should Companies Ever Pay Up?
via "Dark Reading".
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?
CVE-2021-43707
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via the link_Name parameter.
CVE-2022-26546
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
CVE-2021-43479
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.
CVE-2021-43722
via "National Vulnerability Database".
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
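The DIR-645 description above names a classic pattern: an attacker-controlled HTTP header is formatted with sprintf into a fixed-size stack buffer with no length check, so a header longer than the buffer overwrites the adjacent stack. The block below is an added illustration of that pattern next to a bounded replacement. It is not D-Link's firmware code, and the buffer size, the format string, the function names and the sample header values are assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer; the advisory does not give the
 * real handler's buffer size. */
#define SOAPACTION_MAX 128

/* Assumed format used to copy the header value; not taken from the firmware. */
static const char SOAPACTION_FMT[] = "SOAPAction: %s";

/* Vulnerable pattern (illustrative, not D-Link's code): the header value is
 * formatted into a fixed-size stack buffer with sprintf, which writes as many
 * bytes as the format produces. A value longer than the buffer overwrites
 * whatever sits above it on the stack (saved registers, return address).
 * Kept only for comparison; never call it with untrusted input. */
void soapaction_vulnerable(const char *soapaction)
{
    char buf[SOAPACTION_MAX];
    sprintf(buf, SOAPACTION_FMT, soapaction);   /* no bound on the write */
    (void)buf;
}

/* How many bytes the vulnerable sprintf would write past the end of its
 * buffer for a given header value. snprintf with a NULL destination and size
 * 0 only measures the output, so nothing is overwritten here.
 * Returns 0 when the value would have fit. */
size_t soapaction_overflow_bytes(const char *soapaction)
{
    int n = snprintf(NULL, 0, SOAPACTION_FMT, soapaction);   /* excludes NUL */
    if (n < 0)
        return 0;
    size_t need = (size_t)n + 1;                               /* include NUL */
    return need > SOAPACTION_MAX ? need - SOAPACTION_MAX : 0;
}

/* Hardened pattern: measure the required length first, refuse anything that
 * does not fit, and then write with snprintf so the buffer cannot be overrun
 * even if the length check is later edited. Returns 0 on success and -1 when
 * the header is rejected. */
int soapaction_hardened(const char *soapaction, char *out, size_t outsz)
{
    if (out == NULL || outsz == 0)
        return -1;
    int n = snprintf(NULL, 0, SOAPACTION_FMT, soapaction);
    if (n < 0 || (size_t)n + 1 > outsz)
        return -1;                                 /* too long: refuse the request */
    n = snprintf(out, outsz, SOAPACTION_FMT, soapaction);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0; /* truncation here would be a bug */
}

int main(void)
{
    char out[SOAPACTION_MAX];
    char big[601];

    /* Constructed sample value: short enough to fit the assumed buffer. */
    const char *ok = "\"http://example.invalid/HNAP1/GetDeviceSettings\"";
    if (soapaction_hardened(ok, out, sizeof out) == 0)
        printf("accepted: %s\n", out);

    /* Constructed sample value: 600 bytes, far beyond the 128-byte buffer. */
    memset(big, 'A', 600);
    big[600] = '\0';
    printf("600-byte value: sprintf would overflow by %zu bytes; hardened handler %s\n",
           soapaction_overflow_bytes(big),
           soapaction_hardened(big, out, sizeof out) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The measure-then-write step matters more than swapping sprintf for snprintf alone: snprintf by itself silently truncates an oversized header, which avoids the memory corruption but may still let a malformed request through, whereas rejecting it up front fails closed.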
Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks
via "Dark Reading".
CISA urges organizations using affected technologies to implement recommended mitigation measures.
Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill
via "Krebs on Security".
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate's most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
via "Naked Security".
Latest episode - listen now!
Two different "VMware Spring" bugs at large: we cut through the confusion
via "Naked Security".
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Apple pushes out two emergency 0-day updates: get 'em now!
via "Naked Security".
More Apple zero-days - mobile devices, laptops and desktops affected. Update now!
CVE-2022-27963
via "National Vulnerability Database".
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.