‼ CVE-2022-31887 ‼
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization; this means that the attacker can also achieve Privilege Escalation by changing the administrator password.
via "National Vulnerability Database".
‼ CVE-2022-29858 ‼
Silverstripe silverstripe/assets through 1.10 allows XSS.
via "National Vulnerability Database".
‼ CVE-2022-25238 ‼
Silverstripe silverstripe/framework through 4.10.0 allows XSS inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code.
via "National Vulnerability Database".
‼ CVE-2021-41559 ‼
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
via "National Vulnerability Database".
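The quadratic blowup above is a generic XML parser hazard rather than anything specific to Silverstripe: one small internal entity referenced thousands of times expands to far more text than the document carries, so memory and CPU scale with the square of the input size. The Python below is an added example for this page, not Silverstripe code and not a model of Convert::xml2array(); it builds such a document with constructed sizes, shows how much a default expat parser expands it, and shows the two guards a hardened parser applies (refuse entity declarations in untrusted input, and cap total expanded text). The limit of 1,000,000 characters is an illustrative choice.

```python
import xml.parsers.expat


class EntityDeclarationError(ValueError):
    """An untrusted document tried to declare an entity."""


class ExpansionBudgetExceeded(ValueError):
    """Expanded character data exceeded the configured cap."""


def make_quadratic_blowup(entity_len=200, refs=200):
    """Constructed sample: one internal entity of entity_len bytes referenced refs times.
    The document stays small but expands to entity_len * refs characters of text."""
    return ('<?xml version="1.0"?>'
            '<!DOCTYPE r [<!ENTITY a "' + 'A' * entity_len + '">]>'
            '<r>' + '&a;' * refs + '</r>')


def parse_naive(doc):
    """Default expat settings: internal entities are expanded in full.
    Returns the number of characters of text the parser handed back."""
    total = 0

    def on_chars(data):
        nonlocal total
        total += len(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = on_chars
    parser.Parse(doc, True)
    return total


def parse_hardened(doc, max_chars=1_000_000):
    """Same parser with two guards: refuse any entity declaration (untrusted input
    has no business defining entities) and stop once expanded text exceeds max_chars."""
    total = 0

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        raise EntityDeclarationError(f"refusing entity declaration {name!r}")

    def on_chars(data):
        nonlocal total
        total += len(data)
        if total > max_chars:
            raise ExpansionBudgetExceeded(f"more than {max_chars} characters of text")

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = on_chars
    parser.Parse(doc, True)
    return total


if __name__ == "__main__":
    doc = make_quadratic_blowup()
    print(f"document bytes: {len(doc)}, expanded text: {parse_naive(doc)}")
    try:
        parse_hardened(doc)
    except EntityDeclarationError as err:
        print("hardened parser:", err)
```

The expansion cap is kept even though the entity guard already defeats this document: it also bounds documents that contain no DTD at all but are simply enormous, which is the other way an XML-to-array conversion exhausts memory.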
‼ CVE-2020-19896 ‼
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php.
via "National Vulnerability Database".
‼ CVE-2017-20108 ‼
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely.
via "National Vulnerability Database".
‼ CVE-2017-20112 ‼
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component.
via "National Vulnerability Database".
‼ CVE-2017-20109 ‼
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
via "National Vulnerability Database".
‼ CVE-2017-20110 ‼
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
via "National Vulnerability Database".
‼ CVE-2017-20111 ‼
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
via "National Vulnerability Database".
🗓️ YARAify: Defensive tool scans suspicious files against a large repository of YARA rules 🗓️
Team behind Abuse.ch and ThreatFox launch new hub for scanning and hunting files using YARA
via "The Daily Swig".
‼ CVE-2021-40642 ‼
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
via "National Vulnerability Database".
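The advisory's point is about cookie scope: a cookie without the Secure attribute is attached to any plaintext request whose path falls inside the cookie's Path, so one http:// link is enough to leak it. The Python below is an added example, not Textpattern's code: it audits constructed Set-Cookie headers for the txp_login cookie named in the advisory (the cookie value, path and hostname are made up), reports which hardening attributes are missing, and decides whether a browser would send the cookie on a given URL. It assumes the cookie and the URL share a host; Domain matching is not modelled.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie headers for the login cookie named in the advisory;
# the value and the path are invented for the example.
WEAK_HEADER = "txp_login=alice%3Adeadbeef; Path=/textpattern; HttpOnly"
FIXED_HEADER = "txp_login=alice%3Adeadbeef; Path=/textpattern; Secure; HttpOnly; SameSite=Lax"


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value}).
    Attribute names are lower-cased; flag attributes such as Secure map to ''."""
    parts = [part.strip() for part in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header):
    """Return (cookie name, list of hardening attributes the header lacks)."""
    name, _, attrs = parse_set_cookie(header)
    wanted = (("Secure", "secure"), ("HttpOnly", "httponly"), ("SameSite", "samesite"))
    missing = [label for label, key in wanted if key not in attrs]
    return name, missing


def path_matches(cookie_path, request_path):
    """RFC 6265 path-match: identical, or the cookie path is a directory prefix
    of the request path (ends in '/' or the next request-path character is '/')."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def sent_in_cleartext(header, url):
    """True if a browser holding this cookie would attach it to a plaintext
    request for url. Same host is assumed; Domain matching is not modelled."""
    _, _, attrs = parse_set_cookie(header)
    parts = urlsplit(url)
    if parts.scheme != "http":
        return False            # not a cleartext request at all
    if "secure" in attrs:
        return False            # Secure cookies are never sent over http://
    return path_matches(attrs.get("path") or "/", parts.path or "/")


if __name__ == "__main__":
    for header in (WEAK_HEADER, FIXED_HEADER):
        name, missing = audit_set_cookie(header)
        leaks = sent_in_cleartext(header, "http://example.org/textpattern/index.php")
        print(f"{name}: missing={missing or 'none'} leaks_over_http={leaks}")
```

HttpOnly and SameSite are reported alongside Secure because a login cookie that is missing one of them is usually missing the others; only Secure, though, addresses the cleartext transmission described in the advisory.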
❌ Patchable and Preventable Security Issues Lead Causes of Q1 Attacks ❌
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
via "Threat Post".
‼ CVE-2022-33036 ‼
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file.
via "National Vulnerability Database".
‼ CVE-2022-33021 ‼
CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.
via "National Vulnerability Database".
‼ CVE-2022-33037 ‼
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.
via "National Vulnerability Database".
‼ CVE-2022-33107 ‼
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
via "National Vulnerability Database".
‼ CVE-2022-33023 ‼
CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.
via "National Vulnerability Database".
‼ CVE-2022-34043 ‼
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2022-33035 ‼
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
via "National Vulnerability Database".
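An unquoted service path is exploitable because the service loader does not know where the executable name ends when the path contains spaces: it tries each space-delimited prefix in turn (appending .exe when the prefix has no extension) and runs the first file that exists, as the service account. The Python below is an added example, not XLPD's code; the install directory "C:\Program Files\XLPD Server" is an assumption made for the demonstration. It lists the candidates Windows would try for an ImagePath, flags the ones whose parent directory a low-privileged user could write to, and produces the quoted path that fixes the problem. It assumes the real binary is the first prefix ending in .exe.

```python
import ntpath

# Constructed ImagePath values; the install directory is assumed, not XLPD's real one.
UNQUOTED = r"C:\Program Files\XLPD Server\xlpd.exe -service"
QUOTED = r'"C:\Program Files\XLPD Server\xlpd.exe" -service'


def search_candidates(image_path):
    """Executables Windows tries, in order, for an unquoted ImagePath: each
    space-delimited prefix, with .exe appended when the prefix has no extension.
    Stops at the first prefix ending in .exe (assumed to be the intended binary)."""
    path = image_path.strip()
    if path.startswith('"'):
        return []                       # quoted path: no ambiguity
    tokens = path.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        has_ext = bool(ntpath.splitext(ntpath.basename(prefix))[1])
        candidates.append(prefix if has_ext else prefix + ".exe")
        if prefix.lower().endswith(".exe"):
            break
    return candidates


def hijack_targets(image_path, writable_dirs):
    """Candidates tried before the real binary whose parent directory is in
    writable_dirs (directories a low-privileged user can create files in)."""
    writable = {ntpath.normcase(d.rstrip("\\")) for d in writable_dirs}
    candidates = search_candidates(image_path)
    return [c for c in candidates[:-1]
            if ntpath.normcase(ntpath.dirname(c).rstrip("\\")) in writable]


def quote_image_path(image_path):
    """The fix: quote the executable portion so the loader sees a single path."""
    path = image_path.strip()
    if path.startswith('"'):
        return path
    end = path.lower().find(".exe")
    if end == -1:
        return f'"{path}"'
    end += len(".exe")
    return f'"{path[:end]}"{path[end:]}'


if __name__ == "__main__":
    print("search order:", search_candidates(UNQUOTED))
    # Constructed assumption: the vendor's own directory was left writable by Users.
    print("hijackable:", hijack_targets(UNQUOTED, [r"C:\Program Files"]))
    print("fixed ImagePath:", quote_image_path(UNQUOTED))
```

On a real host the writable-directory list comes from checking the ACLs of each candidate's parent (icacls), and the fix is applied to the registry ImagePath or with sc config, where the embedded quotes must be escaped inside the binPath= argument.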
🗓️ UnRAR path traversal flaw can lead to RCE in Zimbra 🗓️
Other applications using binary to extract untrusted archives are potentially vulnerable too
via "The Daily Swig".
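The second line of that item is the part that generalises: any service that hands an attacker-supplied archive to an extractor is exposed if the extractor trusts member names. The Python below is an added example, not Zimbra's or UnRAR's code, and it uses a tar archive built in memory because a RAR file cannot be constructed with the standard library; the extraction root "/var/tmp/extract" is assumed. It shows the two classes of entry an extractor must refuse: names that resolve outside the root (absolute paths, drive letters, ../ traversal) and files written through a symlink that an earlier entry planted.

```python
import io
import posixpath
import tarfile

# Assumed extraction directory for the example; not a real Zimbra path.
EXTRACT_ROOT = "/var/tmp/extract"


def path_escapes(root, name):
    """True if writing `name` under `root` would land outside `root`
    (absolute path, Windows drive letter, or ../ traversal)."""
    root = posixpath.normpath(root)
    n = name.replace("\\", "/")            # archives may carry backslashes
    if n.startswith("/") or (len(n) > 1 and n[1] == ":"):
        return True
    joined = posixpath.normpath(posixpath.join(root, n))
    return not (joined == root or joined.startswith(root + "/"))


def audit_members(members, root):
    """members: [(name, linkname)] in archive order, linkname '' for non-links.
    Returns [(name, reason)] for every member that must not be extracted."""
    rejected = []
    symlinks = []                           # normalised names of links seen so far
    for name, linkname in members:
        n = posixpath.normpath(name.replace("\\", "/"))
        if path_escapes(root, name):
            rejected.append((name, "path escapes extraction root"))
            continue
        if any(n == s or n.startswith(s + "/") for s in symlinks):
            rejected.append((name, "written through an earlier symlink"))
            continue
        if linkname:
            symlinks.append(n)
            # a link target is resolved relative to the link's own directory
            target = posixpath.join(posixpath.dirname(n), linkname.replace("\\", "/"))
            if path_escapes(root, target):
                rejected.append((name, "symlink points outside extraction root"))
    return rejected


def build_malicious_tar():
    """Constructed sample archive: a benign file, a ../ traversal entry, and a
    symlink to /etc followed by a file that would be written through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name, data):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        add_file("notes.txt", b"benign content\n")
        add_file("../../../../tmp/escaped.txt", b"landed outside the root\n")
        link = tarfile.TarInfo("x")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tf.addfile(link)
        add_file("x/hosts", b"would overwrite /etc/hosts via the link\n")
    return buf.getvalue()


def members_of(tar_bytes):
    """(name, linkname) for every entry, in archive order, without extracting."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        return [(m.name, m.linkname) for m in tf.getmembers()]


def safe_member_names(tar_bytes, root=EXTRACT_ROOT):
    """Names that pass the audit; an extractor should write only these."""
    members = members_of(tar_bytes)
    bad = {name for name, _ in audit_members(members, root)}
    return [name for name, _ in members if name not in bad]


if __name__ == "__main__":
    archive = build_malicious_tar()
    for name, reason in audit_members(members_of(archive), EXTRACT_ROOT):
        print(f"reject {name!r}: {reason}")
    print("safe to extract:", safe_member_names(archive))
```

Name checks alone are not sufficient: the symlink case is caught here only because the audit runs over the whole member list in order. An extractor that validates each entry in isolation, or that follows existing symlinks on disk when it writes, still needs the target directory resolved with realpath at write time.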