‼ CVE-2020-19212 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19217 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28970 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28972 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19216 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28973 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28005 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28971 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28969 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
âš You didn’t leave enough space between ROSE and AND, and AND and CROWN âš
📖 Read
via "Naked Security".
What weird bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?📖 Read
via "Naked Security".
Naked Security
You didn’t leave enough space between ROSE and AND, and AND and CROWN
What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?
🛠Adversary3 2.0 ðŸ›
📖 Read
via "Packet Storm Security".
Adversary3 is a tool to navigate the vast www.malvuln.com malware vulnerability dataset.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Adversary3 2.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 AT&T Expands Access to Advanced Secure Edge and Remote Workforce Capabilities 🕴
📖 Read
via "Dark Reading".
AT&T SASE with Cisco Meraki offers fully integrated network and security tools for convenient, high-performing, and protected access from anywhere📖 Read
via "Dark Reading".
Darkreading
AT&T Expands Access to Advanced Secure Edge and Remote Workforce Capabilities
AT&T SASE with Cisco Meraki offers fully integrated network and security tools for convenient, high-performing, and protected access from anywhere
‼ CVE-2022-28545 ‼
📖 Read
via "National Vulnerability Database".
FUDforum 3.1.1 is vulnerable to Stored XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28164 ‼
📖 Read
via "National Vulnerability Database".
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26253 ‼
📖 Read
via "National Vulnerability Database".
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29420 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21934 ‼
📖 Read
via "National Vulnerability Database".
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33845 ‼
📖 Read
via "National Vulnerability Database".
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28163 ‼
📖 Read
via "National Vulnerability Database".
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1053 ‼
📖 Read
via "National Vulnerability Database".
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1,📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29421 ‼
📖 Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.📖 Read
via "National Vulnerability Database".