‼ CVE-2022-2126 ‼
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-2129 ‼
via "National Vulnerability Database".
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-34005 ‼
via "National Vulnerability Database".
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1).
‼ CVE-2022-34000 ‼
via "National Vulnerability Database".
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
‼ CVE-2022-34006 ‼
via "National Vulnerability Database".
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2).
‼ CVE-2017-20060 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2017-20064 ‼
via "National Vulnerability Database".
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2017-20062 ‼
via "National Vulnerability Database".
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2017-20058 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2022-26668 ‼
via "National Vulnerability Database".
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disruption of service.
‼ CVE-2022-2130 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
‼ CVE-2017-20057 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2021-45918 ‼
via "National Vulnerability Database".
NHI's health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
‼ CVE-2017-20061 ‼
via "National Vulnerability Database".
A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2022-26669 ‼
via "National Vulnerability Database".
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
‼ CVE-2017-20059 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2022-21742 ‼
via "National Vulnerability Database".
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
‼ CVE-2017-20063 ‼
via "National Vulnerability Database".
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
Attackers can use "Scroll to Text Fragment" web browser feature to steal data – research
via "The Daily Swig".
In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled server
Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code
via "Dark Reading".
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.
Internet scans find 1.6 million secrets leaked by websites
via "The Daily Swig".
Probe surfaces "alarmingly huge" number of unredacted tokens and keys