πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2017-20055 β€Ό

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.

πŸ“– Read

via "National Vulnerability Database".
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Ransomware attack on Montrose Environmental Group disrupts lab testing services πŸ—“οΈ

Some lab results will be delayed, company warns

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransomware attack on Montrose Environmental Group disrupts lab testing services
Some lab results will be delayed, company warns
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30023 β€Ό

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

πŸ“– Read

via "National Vulnerability Database".
238 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31277 β€Ό

Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.

πŸ“– Read

via "National Vulnerability Database".
239 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31849 β€Ό

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.

πŸ“– Read

via "National Vulnerability Database".
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31912 β€Ό

Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31910 β€Ό

Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). via /otps/classes/Master.php.

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31906 β€Ό

Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.

πŸ“– Read

via "National Vulnerability Database".
154 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31908 β€Ό

Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31372 β€Ό

Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘2
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31913 β€Ό

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31300 β€Ό

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31911 β€Ό

Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team.

πŸ“– Read

via "National Vulnerability Database".
192 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Follina gets fixed – but it’s not listed in the Patch Tuesday patches! ⚠

We tried it out to make sure, so you don't have to.

πŸ“– Read

via "Naked Security".
Naked Security
Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
We tried it out to make sure, so you don’t have to.
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast] ⚠

Lastest epsiode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
Lastest epsiode – listen now!
185 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure πŸ•΄

A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.

πŸ“– Read

via "Dark Reading".
Dark Reading
RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure
A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.
192 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” 4 Ways You Can Use Your Digital Rights Management Tool πŸ”

Having a Digital Rights Management tool can help your team collaborate in the cloud while meeting compliance needs and adhering to your organization's data security policies.

πŸ“– Read

via "".
Digital Guardian
4 Ways You Can Use Your Digital Rights Management Tool
Having a Digital Rights Management tool can help your team collaborate in the cloud while meeting compliance needs and adhering to your organization's data security policies.
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ EU & US Unite to Fight Ransomware πŸ•΄

A working group of European and US officials meet at The Hague to collaborate on ransomware operations and strategies.

πŸ“– Read

via "Dark Reading".
Dark Reading
EU & US Unite to Fight Ransomware
A working group of European and US officials meet at The Hague to collaborate on ransomware operations and strategies.
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27532 β€Ό

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31298 β€Ό

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31384 β€Ό

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

πŸ“– Read

via "National Vulnerability Database".
146 views