🛑 Cybersecurity & Privacy 🛑 - News

🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-28002 ‼

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28001 ‼

Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27062 ‼

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27346 ‼

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27348 ‼

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28000 ‼

Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27063 ‼

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27992 ‼

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27064 ‼

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Command injection bug patched in Ruby library for converting AsciiDoc files πŸ—“οΈ

Ruby server RCE bug gets quashed

πŸ“– Read

via "The Daily Swig".
πŸ” Friday Five 4/8 πŸ”

The takedown of a darknet powerhouse, cybercriminals getting more creative, how the most common insider cyber threats may not be quite what you suspect, and more – catch up on this week’s news with the Friday Five!

πŸ“– Read

via "".
‼ CVE-2021-46437 ‼

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-46436 ‼

An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.

📖 Read

via "National Vulnerability Database".
🕴 Security Nihilism Is Putting Your Company — and Its Employees — at Risk 🕴

Some enterprise security tactics can backfire, pitting IT and security teams against the employees they’re trying to protect.

📖 Read

via "Dark Reading".
‼ CVE-2021-46367 ‼

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the default .htaccess configuration that denies execution of .php files in the media and files directories.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24229 ‼

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Third member of FIN7 cybercrime gang jailed over card skimming scheme πŸ—“οΈ

US authorities sentence pen tester to five years in prison

πŸ“– Read

via "The Daily Swig".
🕴 ByteChek Founder AJ Yawn Brings Discipline to Everything He Does 🕴

Security Pro File: The former Army captain, whose security startup is on an upward trajectory, works hard to "make compliance suck less."

📖 Read

via "Dark Reading".
⚠ S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] ⚠

Latest episode - listen now! Cybersecurity news and advice in plain English.

📖 Read

via "Naked Security".
⚠ Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now! ⚠

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.

📖 Read

via "Naked Security".
❌ Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’ ❌

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.

📖 Read

via "Threat Post".