βΌ CVE-2021-45918 βΌ
π Read
via "National Vulnerability Database".
NHIΓ’β¬β’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20061 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26669 βΌ
π Read
via "National Vulnerability Database".
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20059 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21742 βΌ
π Read
via "National Vulnerability Database".
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20063 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
ποΈ Attackers can use βScroll to Text Fragmentβ web browser feature to steal data β research ποΈ
π Read
via "The Daily Swig".
In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled serverπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Attackers can use βScroll to Text Fragmentβ web browser feature to steal data β research
In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled server
π΄ Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code π΄
π Read
via "Dark Reading".
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.π Read
via "Dark Reading".
Dark Reading
The Edge
Find in-depth cybersecurity features on strategy, latest trends, and people to know.
ποΈ Internet scans find 1.6 million secrets leaked by websites ποΈ
π Read
via "The Daily Swig".
Probe surfaces βalarmingly hugeβ number of unredacted tokens and keysπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Internet scans find 1.6 million secrets leaked by websites
Probe surfaces βalarmingly hugeβ number of unredacted tokens and keys
π΄ The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive π΄
π Read
via "Dark Reading".
Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box.π Read
via "Dark Reading".
Dark Reading
The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive
Companies need to fill some of the millions of empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box.
βΌ CVE-2022-25772 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascriptπ Read
via "National Vulnerability Database".
π΄ Security Lessons From Protecting Live Events π΄
π Read
via "Dark Reading".
Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.π Read
via "Dark Reading".
Dark Reading
Security Lessons From Protecting Live Events
Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.
ποΈ Critical Citrix ADM vulnerability creates means to reset admin passwords ποΈ
π Read
via "The Daily Swig".
Improper access control flaw poses DoS-to-RCE hijack riskπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical Citrix ADM vulnerability creates means to reset admin passwords
Improper access control flaw poses DoS-to-RCE hijack risk
βΌ CVE-2022-31795 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41683 βΌ
π Read
via "National Vulnerability Database".
There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0π Read
via "National Vulnerability Database".
βΌ CVE-2021-41682 βΌ
π Read
via "National Vulnerability Database".
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0π Read
via "National Vulnerability Database".
βΌ CVE-2022-2134 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository inventree/inventree prior to 0.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1720 βΌ
π Read
via "National Vulnerability Database".
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31794 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.π Read
via "National Vulnerability Database".
π TOR Virtual Network Tunneling Tool 0.4.7.8 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.7.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code π΄
π Read
via "Dark Reading".
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.π Read
via "Dark Reading".
Dark Reading
Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.