‼ CVE-2017-20109 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
‼ CVE-2017-20110 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
‼ CVE-2017-20111 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
🗓️ YARAify: Defensive tool scans suspicious files against a large repository of YARA rules 🗓️
via "The Daily Swig".
Team behind Abuse.ch and ThreatFox launch new hub for scanning and hunting files using YARA
‼ CVE-2021-40642 ‼
via "National Vulnerability Database".
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
❌ Patchable and Preventable Security Issues Lead Causes of Q1 Attacks ❌
via "Threat Post".
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
‼ CVE-2022-33036 ‼
via "National Vulnerability Database".
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file.
‼ CVE-2022-33021 ‼
via "National Vulnerability Database".
CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.
‼ CVE-2022-33037 ‼
via "National Vulnerability Database".
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.
‼ CVE-2022-33107 ‼
via "National Vulnerability Database".
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
‼ CVE-2022-33023 ‼
via "National Vulnerability Database".
CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.
‼ CVE-2022-34043 ‼
via "National Vulnerability Database".
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.
‼ CVE-2022-33035 ‼
via "National Vulnerability Database".
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
🗓️ UnRAR path traversal flaw can lead to RCE in Zimbra 🗓️
via "The Daily Swig".
Other applications using binary to extract untrusted archives are potentially vulnerable too
⚠ Firefox 102 fixes address bar spoofing security hole (and helps with Follina!) ⚠
via "Naked Security".
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
‼ CVE-2022-32969 ‼
via "National Vulnerability Database".
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.
‼ CVE-2020-26877 ‼
via "National Vulnerability Database".
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778.
🔏 The Future of Data Protection and Looking Towards our Future at HelpSystems 🔏
Wade Barisoff, Director of Product Management, Data Protection, HelpSystems on shaping the future of data protection through data loss prevention, data classification, and digital rights management.
‼ CVE-2022-33042 ‼
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.
‼ CVE-2017-20119 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2022-33638 ‼
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.