βΌ CVE-2021-42233 βΌ
π Read
via "National Vulnerability Database".
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32941 βΌ
π Read
via "National Vulnerability Database".
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root).π Read
via "National Vulnerability Database".
βΌ CVE-2022-31467 βΌ
π Read
via "National Vulnerability Database".
Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.π Read
via "National Vulnerability Database".
π΄ Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems π΄
π Read
via "Dark Reading".
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.π Read
via "Dark Reading".
Dark Reading
Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
π΄ Multiple Governments Buying Android Zero-Days for Spying: Google π΄
π Read
via "Dark Reading".
An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.π Read
via "Dark Reading".
Dark Reading
Multiple Governments Buying Android Zero-Days for Spying: Google
An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.
βΌ CVE-2022-28999 βΌ
π Read
via "National Vulnerability Database".
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29002 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31487 βΌ
π Read
via "National Vulnerability Database".
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1467 βΌ
π Read
via "National Vulnerability Database".
Windows OS can be configured to overlay a Γ’β¬Εlanguage barΓ’β¬οΏ½ on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31489 βΌ
π Read
via "National Vulnerability Database".
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31488 βΌ
π Read
via "National Vulnerability Database".
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29376 βΌ
π Read
via "National Vulnerability Database".
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32958 βΌ
π Read
via "National Vulnerability Database".
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30015 βΌ
π Read
via "National Vulnerability Database".
In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-31263 βΌ
π Read
via "National Vulnerability Database".
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29305 βΌ
π Read
via "National Vulnerability Database".
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29377 βΌ
π Read
via "National Vulnerability Database".
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0734 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29309 βΌ
π Read
via "National Vulnerability Database".
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0910 βΌ
π Read
via "National Vulnerability Database".
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.π Read
via "National Vulnerability Database".
π’ SES GS wins US governmentβs TROJAN contract π’
π Read
via "ITPro".
The five-year deal is aimed at fortifying the countryβs cyber security resilienceπ Read
via "ITPro".
IT PRO
SES GS wins US governmentβs TROJAN contract | IT PRO
The five-year deal is aimed at fortifying the countryβs cyber security resilience