‼ CVE-2022-26085 ‼
via "National Vulnerability Database".
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
‼ CVE-2021-33122 ‼
via "National Vulnerability Database".
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-29745 ‼
via "National Vulnerability Database".
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction.
‼ CVE-2021-33103 ‼
via "National Vulnerability Database".
Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-24297 ‼
via "National Vulnerability Database".
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-24910 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-21809 ‼
via "National Vulnerability Database".
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.
‼ CVE-2022-29303 ‼
via "National Vulnerability Database".
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
‼ CVE-2022-30000 ‼
via "National Vulnerability Database".
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.
‼ CVE-2022-26075 ‼
via "National Vulnerability Database".
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-29307 ‼
via "National Vulnerability Database".
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
‼ CVE-2022-30002 ‼
via "National Vulnerability Database".
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=.
‼ CVE-2021-0188 ‼
via "National Vulnerability Database".
Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-26420 ‼
via "National Vulnerability Database".
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-27172 ‼
via "National Vulnerability Database".
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-26518 ‼
via "National Vulnerability Database".
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
🔏 FBI Highlights Increase of BEC Exposed Losses 🔏
There was a 65% increase in identified global exposed losses connected to BEC scams from 2019 to 2021.
Digital Guardian
New numbers claim there was a 65% increase in identified global exposed losses connected to BEC scams from 2019 to 2021.
‼ CVE-2022-29363 ‼
via "National Vulnerability Database".
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to get a shell by writing arbitrary files.
‼ CVE-2021-26317 ‼
via "National Vulnerability Database".
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
‼ CVE-2021-26386 ‼
via "National Vulnerability Database".
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
‼ CVE-2021-26369 ‼
via "National Vulnerability Database".
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.