‼ CVE-2022-26414 ‼
📖 Read
via "National Vulnerability Database".
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1297 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26413 ‼
📖 Read
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1296 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.📖 Read
via "National Vulnerability Database".
🕴 Going Passwordless? Here Are 6 Steps to Get Started 🕴
📖 Read
via "Dark Reading".
High costs and user reluctance have stood in the way of passwordless adoption, but conversion can be simplified if you take it in more gradual steps.📖 Read
via "Dark Reading".
Dark Reading
Going Passwordless? Here Are 6 Steps to Get Started
High costs and user reluctance have stood in the way of passwordless adoption, but conversion can be simplified if you take it in more gradual steps.
🗓️ Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware 🗓️
📖 Read
via "The Daily Swig".
Spring is sprung📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware
Spring is sprung
♟️ Double-Your-Crypto Scams Share Crypto Scam Host ♟️
📖 Read
via "Krebs on Security".
Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here's a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.📖 Read
via "Krebs on Security".
Krebs on Security
Double-Your-Crypto Scams Share Crypto Scam Host
Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face…
‼ CVE-2022-0949 ‼
📖 Read
via "National Vulnerability Database".
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34250 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1006 ‼
📖 Read
via "National Vulnerability Database".
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24987 ‼
📖 Read
via "National Vulnerability Database".
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0989 ‼
📖 Read
via "National Vulnerability Database".
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0919 ‼
📖 Read
via "National Vulnerability Database".
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1023 ‼
📖 Read
via "National Vulnerability Database".
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25090 ‼
📖 Read
via "National Vulnerability Database".
The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embed📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0920 ‼
📖 Read
via "National Vulnerability Database".
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0531 ‼
📖 Read
via "National Vulnerability Database".
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27089 ‼
📖 Read
via "National Vulnerability Database".
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0828 ‼
📖 Read
via "National Vulnerability Database".
The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0314 ‼
📖 Read
via "National Vulnerability Database".
The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0969 ‼
📖 Read
via "National Vulnerability Database".
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.📖 Read
via "National Vulnerability Database".