🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-41661 ‼

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.

📖 Read

via "National Vulnerability Database".

176 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32192 ‼

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

📖 Read

via "National Vulnerability Database".

166 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32278 ‼

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

📖 Read

via "National Vulnerability Database".

169 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-41662 ‼

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution.

📖 Read

via "National Vulnerability Database".

182 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29257 ‼

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.

📖 Read

via "National Vulnerability Database".

224 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32565 ‼

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.

📖 Read

via "National Vulnerability Database".

242 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32562 ‼

An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.

📖 Read

via "National Vulnerability Database".

288 views00:18

🛡 Cybersecurity & Privacy 🛡 - News

♟️ “Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison ♟️

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.

📖 Read

via "Krebs on Security".

Krebsonsecurity

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of…

345 views00:38

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31447 ‼

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.

📖 Read

via "National Vulnerability Database".

360 views05:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31446 ‼

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

📖 Read

via "National Vulnerability Database".

366 views05:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31415 ‼

Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.

📖 Read

via "National Vulnerability Database".

384 views05:18

🛡 Cybersecurity & Privacy 🛡 - News

❌ Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach ❌

Attackers gained access to private account details through an email compromise incident that occurred in April.

📖 Read

via "Threat Post".

Threat Post

Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

Attackers gained access to private account details through an email compromise incident that occurred in April.

439 views11:34

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-30345 ‼

RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".

266 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-30350 ‼

Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".

229 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-30281 ‼

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

📖 Read

via "National Vulnerability Database".

188 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-30340 ‼

Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".

165 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-35098 ‼

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

📖 Read

via "National Vulnerability Database".

155 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32254 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.

📖 Read

via "National Vulnerability Database".

151 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-35076 ‼

Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".

140 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-35102 ‼

Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

📖 Read

via "National Vulnerability Database".

141 views12:18

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32258 ‼

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.

📖 Read

via "National Vulnerability Database".

137 views12:18

About

Blog

Apps

Platform