βΌ CVE-2022-32740 βΌ
π Read
via "National Vulnerability Database".
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29894 βΌ
π Read
via "National Vulnerability Database".
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27174 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20044 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2060 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32741 βΌ
π Read
via "National Vulnerability Database".
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26834 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37404 βΌ
π Read
via "National Vulnerability Database".
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32739 βΌ
π Read
via "National Vulnerability Database".
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20042 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20045 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20043 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29525 βΌ
π Read
via "National Vulnerability Database".
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.π Read
via "National Vulnerability Database".
π΄ Security Leaders Discuss Industry Drivers at Dark Reading's News Desk at RSAC 2022 π΄
π Read
via "Dark Reading".
Tune into Dark Reading's News Desk interviews with the industryβs leaders, discussing news and hot topics, such as this yearβs "Transofrm" theme, at RSA Conference 2022 in San Franciscoπ Read
via "Dark Reading".
Darkreading
Security Leaders Discuss Industry Drivers at Dark Reading's News Desk at RSAC 2022
Tune into Dark Reading's News Desk interviews with the industryβs leaders, discussing news and hot topics, such as this yearβs "Transform" theme, at RSA Conference 2022 in San Francisco
β Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers β
π Read
via "Threat Post".
Researchers demonstrated a possible way to track individuals via Bluetooth signals.π Read
via "Threat Post".
Threat Post
Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
Researchers demonstrated a possible way to track individuals via Bluetooth signals.
π€―1
ποΈ French government launches private bug bounty program for identity authentication app ποΈ
π Read
via "The Daily Swig".
Cryptographic skillset favored during hacker selection processπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
French government launches private bug bounty program for identity authentication app
Cryptographic skillset favored during hacker selection process
βΌ CVE-2022-1985 βΌ
π Read
via "National Vulnerability Database".
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1788 βΌ
π Read
via "National Vulnerability Database".
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1772 βΌ
π Read
via "National Vulnerability Database".
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1787 βΌ
π Read
via "National Vulnerability Database".
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1814 βΌ
π Read
via "National Vulnerability Database".
The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".