πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29728 β€Ό

Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter.

πŸ“– Read

via "National Vulnerability Database".
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29318 β€Ό

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29655 β€Ό

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29656 β€Ό

Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29975 β€Ό

An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .

πŸ“– Read

via "National Vulnerability Database".
209 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19228 β€Ό

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.

πŸ“– Read

via "National Vulnerability Database".
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29976 β€Ό

An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .

πŸ“– Read

via "National Vulnerability Database".
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29317 β€Ό

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.

πŸ“– Read

via "National Vulnerability Database".
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies πŸ•΄

Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.

πŸ“– Read

via "Dark Reading".
Darkreading
SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies
Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ CyberUK 2022: Global power conflicts creating β€˜balkinization’ of cybersecurity tech πŸ—“οΈ

Technology interoperability at risk from wider conflict between China and the West

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CyberUK 2022: Global power conflicts creating β€˜balkinization’ of cybersecurity tech
Technology interoperability at risk from wider conflict between China and the West
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44167 β€Ό

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27656 β€Ό

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1622 β€Ό

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28214 β€Ό

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systemsÒ€ℒ Confidentiality, Integrity, and Availability.

πŸ“– Read

via "National Vulnerability Database".
132 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29977 β€Ό

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28774 β€Ό

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

πŸ“– Read

via "National Vulnerability Database".
128 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29898 β€Ό

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.

πŸ“– Read

via "National Vulnerability Database".
128 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29009 β€Ό

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.

πŸ“– Read

via "National Vulnerability Database".
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29610 β€Ό

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.

πŸ“– Read

via "National Vulnerability Database".
125 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28077 β€Ό

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29008 β€Ό

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.

πŸ“– Read

via "National Vulnerability Database".
120 views