‼ CVE-2017-20052 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2022-31626 ‼
via "National Vulnerability Database".
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
‼ CVE-2017-20051 ‼
via "National Vulnerability Database".
A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2022-31625 ‼
via "National Vulnerability Database".
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
🗓️ Business email platform Zimbra patches memcached injection flaw that imperils user credentials 🗓️
via "The Daily Swig".
Attackers could also potentially gain access to various internal services, researcher warns
❌ Facebook Messenger Scam Duped Millions ❌
via "Threat Post".
One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.
❌ Ransomware Risk in Healthcare Endangers Patients ❌
via "Threat Post".
Ryan Witt, Proofpoint's Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care.
❌ State-Sponsored Phishing Attack Targeted Israeli Military Officials ❌
via "Threat Post".
Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.
‼ CVE-2021-41411 ‼
via "National Vulnerability Database".
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
‼ CVE-2022-2098 ‼
via "National Vulnerability Database".
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
‼ CVE-2021-41402 ‼
via "National Vulnerability Database".
flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.
‼ CVE-2021-41458 ‼
via "National Vulnerability Database".
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
🕴 Are You Hiring Enough Entry-Level Security Pros? 🕴
via "Dark Reading".
New (ISC)² survey shows employment levels for entry-level cyber pros lag behind every other experience level.
🕴 CISOs Gain False Confidence in the Calm After the Storm of the Pandemic 🕴
via "Dark Reading".
While CISOs may feel more confident in their security posture emerging from the pandemic, new research suggests that doesn't mean organizations are better prepared for large-scale attacks.
‼ CVE-2017-20056 ‼
via "National Vulnerability Database".
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2017-20053 ‼
via "National Vulnerability Database".
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2017-20054 ‼
via "National Vulnerability Database".
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2021-41654 ‼
via "National Vulnerability Database".
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
‼ CVE-2017-20055 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.
🗓️ Ransomware attack on Montrose Environmental Group disrupts lab testing services 🗓️
via "The Daily Swig".
Some lab results will be delayed, company warns
‼ CVE-2022-30023 ‼
via "National Vulnerability Database".
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.