βΌ CVE-2022-1456 βΌ
π Read
via "National Vulnerability Database".
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1646 βΌ
π Read
via "National Vulnerability Database".
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1009 βΌ
π Read
via "National Vulnerability Database".
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration fileπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1582 βΌ
π Read
via "National Vulnerability Database".
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1556 βΌ
π Read
via "National Vulnerability Database".
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injectionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1611 βΌ
π Read
via "National Vulnerability Database".
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1294 βΌ
π Read
via "National Vulnerability Database".
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0376 βΌ
π Read
via "National Vulnerability Database".
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1387 βΌ
π Read
via "National Vulnerability Database".
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1564 βΌ
π Read
via "National Vulnerability Database".
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
π GRR 3.4.6.0 π
π Read
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Read
via "Packet Storm Security".
Packetstormsecurity
GRR 3.4.6.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Zero-Day βFollinaβ Bug Lays Older Microsoft Office Versions Open to Attack β
π Read
via "Threat Post".
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.π Read
via "Threat Post".
Threat Post
Zero-Day βFollinaβ Bug Lays Microsoft Office Open to Attack
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.
π΄ 6 Steps to Ensure Cyber Resilience π΄
π Read
via "Dark Reading".
To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.π Read
via "Dark Reading".
Dark Reading
6 Steps to Ensure Cyber Resilience
To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.
ποΈ Dozens of high-traffic websites vulnerable to βaccount pre-hijackingβ, study finds ποΈ
π Read
via "The Daily Swig".
Validation check loopholes exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dozens of high-traffic websites vulnerable to βaccount pre-hijackingβ, study finds
Validation check loopholes exposed
β S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
Latest episode β listen now!
ποΈ Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack ποΈ
π Read
via "The Daily Swig".
βSuper fundβ confirms user information has been exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack
βSuper fundβ confirms user information has been exposed
β Beware the Smish! Home delivery scams with a professional feelβ¦ β
π Read
via "Naked Security".
Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...π Read
via "Naked Security".
Naked Security
Beware the Smish! Home delivery scams with a professional feelβ¦
Home delivery scams are getting leaner, and meaner, and more likely to βlook about rightβ. Hereβs an example to show you what we meanβ¦
βΌ CVE-2022-1931 βΌ
π Read
via "National Vulnerability Database".
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1934 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository mruby/mruby prior to 3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3555 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.π Read
via "National Vulnerability Database".
β EnemyBot Malware Targets Web Servers, CMS Tools and Android OS β
π Read
via "Threat Post".
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.π Read
via "Threat Post".
Threat Post
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.