βΌ CVE-2022-21757 βΌ
π Read
via "National Vulnerability Database".
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21750 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283.π Read
via "National Vulnerability Database".
π΄ Communication Is Key to CISO Success π΄
π Read
via "Dark Reading".
A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.π Read
via "Dark Reading".
Dark Reading
Communication Is Key to CISO Success
A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.
βΌ CVE-2020-6220 βΌ
π Read
via "National Vulnerability Database".
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victimΓ’β¬β’s session is active.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31498 βΌ
π Read
via "National Vulnerability Database".
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31492 βΌ
π Read
via "National Vulnerability Database".
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30469 βΌ
π Read
via "National Vulnerability Database".
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29631 βΌ
π Read
via "National Vulnerability Database".
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29617 βΌ
π Read
via "National Vulnerability Database".
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30587 βΌ
π Read
via "National Vulnerability Database".
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure.π Read
via "National Vulnerability Database".
π΄ Ransomware's ROI Retreat Will Drive More BEC Attacks π΄
π Read
via "Dark Reading".
Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned.π Read
via "Dark Reading".
Dark Reading
Ransomware's ROI Retreat Will Drive More BEC Attacks
Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned.
βΌ CVE-2022-28479 βΌ
π Read
via "National Vulnerability Database".
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menuπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31494 βΌ
π Read
via "National Vulnerability Database".
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27438 βΌ
π Read
via "National Vulnerability Database".
Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32511 βΌ
π Read
via "National Vulnerability Database".
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28478 βΌ
π Read
via "National Vulnerability Database".
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29296 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-30927 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28051 βΌ
π Read
via "National Vulnerability Database".
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.π Read
via "National Vulnerability Database".
ποΈ Vast majority of ethical hackers keen to spend more time bug bounty hunting β report ποΈ
π Read
via "The Daily Swig".
Bounties and greater independence are prime motives for hackers hoping to do more freelance bug huntingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Vast majority of ethical hackers keen to spend more time bug bounty hunting β report
Bounties and greater independence are prime motives for hackers hoping to do more freelance bug hunting
β Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw β
π Read
via "Threat Post".
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.π Read
via "Threat Post".
Threat Post
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.