🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29733 ‼

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.

📖 Read

via "National Vulnerability Database".

96 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1968 ‼

Use After Free in GitHub repository vim/vim prior to 8.2.

📖 Read

via "National Vulnerability Database".

94 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29734 ‼

A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

📖 Read

via "National Vulnerability Database".

92 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-24240 ‼

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.

📖 Read

via "National Vulnerability Database".

92 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-30797 ‼

Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.

📖 Read

via "National Vulnerability Database".

93 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31957 ‼

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=.

📖 Read

via "National Vulnerability Database".

96 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-30832 ‼

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.

📖 Read

via "National Vulnerability Database".

96 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-30798 ‼

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.

📖 Read

via "National Vulnerability Database".

97 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31796 ‼

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

📖 Read

via "National Vulnerability Database".

97 views16:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-43306 ‼

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

📖 Read

via "National Vulnerability Database".

94 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31350 ‼

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.

📖 Read

via "National Vulnerability Database".

95 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-23236 ‼

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

📖 Read

via "National Vulnerability Database".

91 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-42203 ‼

An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.

📖 Read

via "National Vulnerability Database".

88 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32004 ‼

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.

📖 Read

via "National Vulnerability Database".

88 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29648 ‼

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.

📖 Read

via "National Vulnerability Database".

87 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-30808 ‼

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.

📖 Read

via "National Vulnerability Database".

93 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-30277 ‼

BD Synapsysâ„¢, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

📖 Read

via "National Vulnerability Database".

92 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-30115 ‼

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.

📖 Read

via "National Vulnerability Database".

91 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29483 ‼

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

📖 Read

via "National Vulnerability Database".

89 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31336 ‼

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.

📖 Read

via "National Vulnerability Database".

86 views16:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2019-12350 ‼

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

📖 Read

via "National Vulnerability Database".

87 views16:35

About

Blog

Apps

Platform