βΌ CVE-2022-29525 βΌ
π Read
via "National Vulnerability Database".
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.π Read
via "National Vulnerability Database".
π΄ Security Leaders Discuss Industry Drivers at Dark Reading's News Desk at RSAC 2022 π΄
π Read
via "Dark Reading".
Tune into Dark Reading's News Desk interviews with the industryβs leaders, discussing news and hot topics, such as this yearβs "Transofrm" theme, at RSA Conference 2022 in San Franciscoπ Read
via "Dark Reading".
Darkreading
Security Leaders Discuss Industry Drivers at Dark Reading's News Desk at RSAC 2022
Tune into Dark Reading's News Desk interviews with the industryβs leaders, discussing news and hot topics, such as this yearβs "Transform" theme, at RSA Conference 2022 in San Francisco
β Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers β
π Read
via "Threat Post".
Researchers demonstrated a possible way to track individuals via Bluetooth signals.π Read
via "Threat Post".
Threat Post
Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
Researchers demonstrated a possible way to track individuals via Bluetooth signals.
π€―1
ποΈ French government launches private bug bounty program for identity authentication app ποΈ
π Read
via "The Daily Swig".
Cryptographic skillset favored during hacker selection processπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
French government launches private bug bounty program for identity authentication app
Cryptographic skillset favored during hacker selection process
βΌ CVE-2022-1985 βΌ
π Read
via "National Vulnerability Database".
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1788 βΌ
π Read
via "National Vulnerability Database".
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1772 βΌ
π Read
via "National Vulnerability Database".
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1787 βΌ
π Read
via "National Vulnerability Database".
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1814 βΌ
π Read
via "National Vulnerability Database".
The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2065 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-1764 βΌ
π Read
via "National Vulnerability Database".
The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31040 βΌ
π Read
via "National Vulnerability Database".
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1900 βΌ
π Read
via "National Vulnerability Database".
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2063 βΌ
π Read
via "National Vulnerability Database".
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2064 βΌ
π Read
via "National Vulnerability Database".
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1761 βΌ
π Read
via "National Vulnerability Database".
The PeterΓΒ’Γ’β¬ÒβΒ’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1777 βΌ
π Read
via "National Vulnerability Database".
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1822 βΌ
π Read
via "National Vulnerability Database".
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Γ’β¬ΛprojectΓ’β¬β’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1773 βΌ
π Read
via "National Vulnerability Database".
The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1694 βΌ
π Read
via "National Vulnerability Database".
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2061 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.π Read
via "National Vulnerability Database".