‼ CVE-2022-1416 ‼
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling.
via "National Vulnerability Database".
‼ CVE-2020-16235 ‼
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
via "National Vulnerability Database".
‼ CVE-2020-16231 ‼
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include the MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers; affected end-of-life controllers include the MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is the manufacturer default, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker, or an unauthenticated person with physical access to the device, reads and decrypts the password to conduct further attacks.
via "National Vulnerability Database".
🕴 Deadbolt Ransomware Targeting QNAP NAS Devices 🕴
QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.
via "Dark Reading".
🕴 More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam 🕴
New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.
via "Dark Reading".
‼ CVE-2022-29652 ‼
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.
via "National Vulnerability Database".
‼ CVE-2022-28962 ‼
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.
via "National Vulnerability Database".
‼ CVE-2022-28961 ‼
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
via "National Vulnerability Database".
‼ CVE-2022-28960 ‼
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
via "National Vulnerability Database".
‼ CVE-2022-28948 ‼
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
via "National Vulnerability Database".
‼ CVE-2022-28959 ‼
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML.
via "National Vulnerability Database".
‼ CVE-2022-29304 ‼
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_Facility.
via "National Vulnerability Database".
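The three Online Sports Complex Booking System entries above (CVE-2022-29652, CVE-2022-28962, CVE-2022-29304) all describe the same defect: a request parameter concatenated into a query. The following is an added example, not code from the booking system or from NVD; the table name, columns, rows and handler names are assumptions constructed for illustration. It runs the same tautology payload against a string-built DELETE and against a parameterised one so the difference is visible in the row counts.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a booking system's clients table.
    Schema and rows are assumptions for this example, not the real app's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO clients (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    conn.commit()
    return conn


def delete_client_vulnerable(conn, client_id):
    """Hypothetical reconstruction of the f=delete_client anti-pattern:
    the request parameter is spliced straight into the statement text,
    so the database parses attacker-controlled characters as SQL."""
    conn.execute(f"DELETE FROM clients WHERE id = {client_id}")
    conn.commit()


def delete_client_fixed(conn, client_id):
    """Hardened form: enforce the expected type first, then bind the value
    as a parameter so the driver never treats it as part of the query."""
    cid = int(client_id)          # raises ValueError for anything non-numeric
    conn.execute("DELETE FROM clients WHERE id = ?", (cid,))
    conn.commit()


def count_clients(conn):
    return conn.execute("SELECT COUNT(*) FROM clients").fetchone()[0]


def demo(payload="1 OR 1=1"):
    """Run both handlers on a fresh table with the same input.
    Returns (rows left after vulnerable handler, rows left after fixed handler)."""
    conn = make_db()
    delete_client_vulnerable(conn, payload)
    left_vulnerable = count_clients(conn)   # tautology matches every row

    conn = make_db()
    try:
        delete_client_fixed(conn, payload)
    except ValueError:
        pass                                # rejected before any SQL executes
    left_fixed = count_clients(conn)
    return left_vulnerable, left_fixed


if __name__ == "__main__":
    print(demo())        # (0, 3)
    print(demo("2"))     # (2, 2): a legitimate id behaves the same in both
```

The int() cast is the cheap half of the fix; the parameter binding is the part that holds even for columns where the value is free text, such as the name field behind f=save_client.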
‼ CVE-2020-4107 ‼
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
via "National Vulnerability Database".
‼ CVE-2022-28987 ‼
ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
via "National Vulnerability Database".
‼ CVE-2022-28965 ‼
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
via "National Vulnerability Database".
‼ CVE-2021-34111 ‼
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
via "National Vulnerability Database".
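For the Thecus entry above, the following is an added example, not code from the Thecus firmware or from NVD, and the command, the username policy and the function names are assumptions constructed for illustration. It shows the anti-pattern a "command injection via the username parameter" report usually points at (a request value interpolated into a shell command line), then the argv form that stops the shell from ever seeing the value, and an allow-list on top as defence in depth.

```python
import re
import subprocess

# Assumed username policy for this example: POSIX-style login names.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def run_vulnerable(username):
    """Hypothetical reconstruction of the anti-pattern: the parameter is
    formatted into a command string and handed to /bin/sh, so shell
    metacharacters in it ($(...), ;, |, backticks) are interpreted."""
    proc = subprocess.run(f"echo {username}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_argv(username):
    """Same command without a shell: the value is a single argv element
    and reaches the program byte-for-byte, metacharacters included."""
    proc = subprocess.run(["echo", username], capture_output=True, text=True)
    return proc.stdout


def run_fixed(username):
    """Hardened form: allow-list the value, then use the argv form."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return run_argv(username)


def demo(payload="admin $(echo INJECTED)"):
    """Returns (shell output, argv output, whether the fixed path rejected it)."""
    shell_out = run_vulnerable(payload)     # the embedded command executes
    argv_out = run_argv(payload)            # printed literally, nothing runs
    try:
        run_fixed(payload)
        rejected = False
    except ValueError:
        rejected = True
    return shell_out, argv_out, rejected


if __name__ == "__main__":
    print(demo())   # ('admin INJECTED\n', 'admin $(echo INJECTED)\n', True)
```

The payload is deliberately harmless (it only echoes a marker); on a device the same position in the string would carry whatever the attacker wanted run as the web server's user.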
‼ CVE-2022-21500 ‼
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
via "National Vulnerability Database".
‼ CVE-2022-28985 ‼
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2022-28964 ‼
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
via "National Vulnerability Database".
❌ 380K Kubernetes API Servers Exposed to Public Internet ❌
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
via "Threat Post".
‼ CVE-2022-25229 ‼
Popcorn Time 0.4.7 has a stored XSS in the 'Movies API Server(s)' field on the 'settings' page. Because the 'nodeIntegration' configuration is enabled, the rendered page can use Node.js features, so an attacker can leverage the XSS to run OS commands.
via "National Vulnerability Database".