🗓️ SharePoint RCE bug resurfaces three months after being patched by Microsoft 🗓️
via "The Daily Swig".
Deserialization vulnerabilities are hard to fix
🕴 Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future 🕴
via "Dark Reading".
A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
‼ CVE-2022-30011 ‼
via "National Vulnerability Database".
In HMS 1.0, when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
‼ CVE-2022-30012 ‼
via "National Vulnerability Database".
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
🗓️ UK government sits out bug bounty boom but welcomes vulnerability disclosure 🗓️
via "The Daily Swig".
Budget constraints limit any immediate ambitions
🕴 US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional 🕴
via "Dark Reading".
In a Black Hat Asia keynote fireside chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
‼ CVE-2021-42897 ‼
via "National Vulnerability Database".
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
‼ CVE-2022-29623 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arbitrary code via a crafted PDF file.
‼ CVE-2022-1418 ‼
via "National Vulnerability Database".
The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
‼ CVE-2022-0873 ‼
via "National Vulnerability Database".
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
‼ CVE-2022-1409 ‼
via "National Vulnerability Database".
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code.
‼ CVE-2022-1713 ‼
via "National Vulnerability Database".
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
‼ CVE-2022-29354 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.
‼ CVE-2022-1265 ‼
via "National Vulnerability Database".
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
‼ CVE-2022-1559 ‼
via "National Vulnerability Database".
The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.
‼ CVE-2022-29351 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file.
‼ CVE-2022-30013 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.
‼ CVE-2022-29622 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename.
‼ CVE-2022-29017 ‼
via "National Vulnerability Database".
Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.
‼ CVE-2022-1726 ‼
via "National Vulnerability Database".
Bootstrap Tables XSS vulnerability with the Table Export plug-in when exportOptions: htmlContent is true, in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Possible impacts include disclosing session cookies, disclosing secure session data, and exfiltrating data to third parties.
‼ CVE-2022-1722 ‼
via "National Vulnerability Database".
SSRF in the editor's proxy via an IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5, allowing requests to internal link-local IPv6 addresses.