‼ CVE-2022-31043 ‼
📖 Read
via "National Vulnerability Database".
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-31042 ‼
📖 Read
via "National Vulnerability Database".
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together.📖 Read
via "National Vulnerability Database".
🕴 Design Weakness Discovered in Apple M1 Kernel Protections 🕴
📖 Read
via "Dark Reading".
The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel.📖 Read
via "Dark Reading".
Dark Reading
Design Weakness Discovered in Apple M1 Kernel Protections
The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel.
‼ CVE-2017-20030 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20036 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20034 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20032 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20031 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20033 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20029 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20035 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42811 ‼
📖 Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.📖 Read
via "National Vulnerability Database".
🗓️ Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups 🗓️
📖 Read
via "The Daily Swig".
Sysadmins should update their installations immediately📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups
Sysadmins should update their installations immediately
🕴 In a Quickly Evolving Landscape, CISOs Shift Their 2022 Priorities 🕴
📖 Read
via "Dark Reading".
Cloud migration, DevSecOps, cyber insurance, and more have emerged as important motivators for cybersecurity investment and focus.📖 Read
via "Dark Reading".
Dark Reading
In a Quickly Evolving Landscape, CISOs Shift Their 2022 Priorities
Cloud migration, DevSecOps, cyber insurance, and more have emerged as important motivators for cybersecurity investment and focus.
❌ U.S. Water Utilities Prime Cyberattack Target, Experts ❌
📖 Read
via "Threat Post".
Environmentalists and policymakers warn water treatment plants are ripe for attack.📖 Read
via "Threat Post".
Threat Post
U.S. Water Utilities Prime Cyberattack Target, Experts
Environmentalists and policymakers warn water treatment plants are ripe for attack.
🕴 How 4 Young Musicians Hacked Sheet Music to Help Fight the Cold War 🕴
📖 Read
via "Dark Reading".
In 1985, a group of klezmer musicians from the US rendezvoused with underground dissidents in Tbilisi, Georgia. This is the story of how they pulled it off with homebrew cryptography.📖 Read
via "Dark Reading".
Dark Reading
The Edge
Find in-depth cybersecurity features on strategy, latest trends, and people to know.
🕴 Artificial Intelligence and Security: What You Should Know 🕴
📖 Read
via "Dark Reading".
Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.📖 Read
via "Dark Reading".
Dark Reading
Artificial Intelligence and Security: What You Should Know
Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.
🔏 Friday Five 6/10 🔏
📖 Read
via "".
Read up on how Apple is getting ahead of the curve on security, how you could be targeted in a Facebook phishing scam, why a different type of cyberattack could surpass ransomware, and more all in this week’s Friday Five!
📖 Read
via "".
‼ CVE-2021-44582 ‼
📖 Read
via "National Vulnerability Database".
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31788 ‼
📖 Read
via "National Vulnerability Database".
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44117 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.📖 Read
via "National Vulnerability Database".