βΌ CVE-2022-1221 βΌ
π Read
via "National Vulnerability Database".
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1320 βΌ
π Read
via "National Vulnerability Database".
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1268 βΌ
π Read
via "National Vulnerability Database".
The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1298 βΌ
π Read
via "National Vulnerability Database".
The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1014 βΌ
π Read
via "National Vulnerability Database".
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0346 βΌ
π Read
via "National Vulnerability Database".
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1093 βΌ
π Read
via "National Vulnerability Database".
The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-0781 βΌ
π Read
via "National Vulnerability Database".
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injectionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1192 βΌ
π Read
via "National Vulnerability Database".
The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42586 βΌ
π Read
via "National Vulnerability Database".
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29599 βΌ
π Read
via "National Vulnerability Database".
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1825 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42585 βΌ
π Read
via "National Vulnerability Database".
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28874 βΌ
π Read
via "National Vulnerability Database".
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.π Read
via "National Vulnerability Database".
β Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches β
π Read
via "Threat Post".
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.π Read
via "Threat Post".
Threat Post
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.
β Clearview AI face-matching service fined a lot less than expected β
π Read
via "Naked Security".
The fine has finally gone through... but it's less than 45% of what was originally proposed.π Read
via "Naked Security".
Naked Security
Clearview AI face-matching service fined a lot less than expected
The fine has finally gone throughβ¦ but itβs less than 45% of what was originally proposed.
ποΈ Blockchain bridge Wormhole pays record $10m bug bounty reward ποΈ
π Read
via "The Daily Swig".
Critical security flaw patched on the same day it was submittedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Blockchain bridge Wormhole pays record $10m bug bounty reward
Critical security flaw patched on the same day it was submitted
π΄ After the Okta Breach, Diversify Your Sources of Truth π΄
π Read
via "Dark Reading".
What subsequent protections do you have in place when your first line of defense goes down?π Read
via "Dark Reading".
Dark Reading
After the Okta Breach, Diversify Your Sources of Truth
What subsequent protections do you have in place when your first line of defense goes down?
ποΈ Yik Yak fixes information disclosure bug that leaked usersβ GPS location ποΈ
π Read
via "The Daily Swig".
Hairy MitM exploit independently discovered by two security researchersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Yik Yak fixes information disclosure bug that leaked usersβ GPS location
Hairy MitM exploit independently discovered by two security researchers
βΌ CVE-2022-1817 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1816 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.π Read
via "National Vulnerability Database".