CVE-2021-32162
via "National Vulnerability Database".
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
PacketStreamer: New tool can aid research by revealing potential hacking behaviors
via "The Daily Swig".
Utility can be used to "indicate the presence of an adversary or the progress of an attack"
CVE-2022-1252
via "National Vulnerability Database".
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off.
CVE-2022-1295
via "National Vulnerability Database".
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.
CVE-2022-0556
via "National Vulnerability Database".
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.
CVE-2022-26414
via "National Vulnerability Database".
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
CVE-2022-1297
via "National Vulnerability Database".
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVE-2022-26413
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
CVE-2022-1296
via "National Vulnerability Database".
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
Going Passwordless? Here Are 6 Steps to Get Started
via "Dark Reading".
High costs and user reluctance have stood in the way of passwordless adoption, but conversion can be simplified if you take it in more gradual steps.
Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware
via "The Daily Swig".
Spring is sprung
Double-Your-Crypto Scams Share Crypto Scam Host
via "Krebs on Security".
Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here's a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.
CVE-2022-0949
via "National Vulnerability Database".
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection.
CVE-2021-34250
via "National Vulnerability Database".
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password.
CVE-2022-1006
via "National Vulnerability Database".
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks.
CVE-2021-24987
via "National Vulnerability Database".
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-0989
via "National Vulnerability Database".
An unprivileged user could use the image-loading functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to fetch images from arbitrary, possibly malicious, domains through the vulnerable site, for example to hide the true origin of malware-carrying images behind the vulnerable domain.
CVE-2022-0919
via "National Vulnerability Database".
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked them.
CVE-2022-1023
via "National Vulnerability Database".
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file.
CVE-2021-25090
via "National Vulnerability Database".
The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded.
CVE-2022-0920
via "National Vulnerability Database".
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data.
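The WordPress plugin advisories above (CVE-2022-0949, CVE-2021-24987, CVE-2021-25090, CVE-2022-0919 and CVE-2022-0920) describe the same handful of mistakes in AJAX handlers: no capability check, no nonce (CSRF) check, request values concatenated into SQL, and request values echoed back unescaped. The following is an added illustration written for this page, not code from any of the plugins named; the action names, table name and `fingerprint` parameter are hypothetical. It shows a handler written the way the advisories say the plugins got it wrong, followed by a hardened version using only stock WordPress APIs.

```php
<?php
// Added illustration (not code from any plugin named above).
// Action names, table name and parameter are hypothetical.

// --- Vulnerable pattern --------------------------------------------------
// Hooked for unauthenticated (nopriv) and authenticated callers alike, with
// no nonce check, no capability check, a raw request value interpolated into
// SQL, and the same raw value echoed back into the response.
add_action( 'wp_ajax_nopriv_example_lookup', 'example_lookup_vulnerable' );
add_action( 'wp_ajax_example_lookup',        'example_lookup_vulnerable' );

function example_lookup_vulnerable() {
    global $wpdb;
    $fingerprint = $_POST['fingerprint'];                       // untrusted
    $row = $wpdb->get_row(
        "SELECT hits FROM {$wpdb->prefix}example_visitors WHERE fingerprint = '$fingerprint'"
    );                                                          // SQL injection
    echo 'Hits for ' . $_POST['fingerprint'] . ': ' . ( $row ? $row->hits : 0 ); // reflected XSS
    wp_die();
}

// --- Hardened pattern ----------------------------------------------------
// 1. Only authenticated callers reach it (no nopriv hook) and the caller must
//    hold a capability appropriate to the action (authorisation).
// 2. A nonce ties the request to a page this site served to this user (CSRF).
// 3. Input is validated against an expected shape before use, and every SQL
//    value goes through $wpdb->prepare() so it can never alter the statement.
// 4. Output is emitted as JSON, so nothing is interpreted as HTML.
add_action( 'wp_ajax_example_lookup_safe', 'example_lookup_safe' );

function example_lookup_safe() {
    global $wpdb;

    // Capability check: pick the least privilege the action really needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // CSRF check: the page that issues this request must embed
    // wp_create_nonce( 'example_lookup' ) as the "_ajax_nonce" field.
    check_ajax_referer( 'example_lookup', '_ajax_nonce' );

    // Validate the shape of the value rather than only stripping tags.
    $fingerprint = isset( $_POST['fingerprint'] )
        ? sanitize_text_field( wp_unslash( $_POST['fingerprint'] ) )
        : '';
    if ( ! preg_match( '/^[0-9a-f]{32}$/', $fingerprint ) ) {
        wp_send_json_error( array( 'message' => 'bad fingerprint' ), 400 );
    }

    // Parameterised query: the value is bound, never concatenated.
    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT hits FROM {$wpdb->prefix}example_visitors WHERE fingerprint = %s",
            $fingerprint
        )
    );

    // wp_send_json_success() JSON-encodes the payload; if HTML must be
    // echoed instead, wrap every value in esc_html() or esc_attr().
    wp_send_json_success( array(
        'fingerprint' => $fingerprint,
        'hits'        => $row ? (int) $row->hits : 0,
    ) );
}
```

The capability check and the nonce check are independent: `check_ajax_referer()` only proves the request came from a page this site rendered for the current user, which stops CSRF but says nothing about whether that user may read the data, so a handler that returns other customers' bookings still needs `current_user_can()` (or an ownership check on the record) as well.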