🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2022-33021

CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.

📖 Read

via "National Vulnerability Database".
CVE-2022-33037

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.

📖 Read

via "National Vulnerability Database".
CVE-2022-33107

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

📖 Read

via "National Vulnerability Database".
CVE-2022-33023

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.

📖 Read

via "National Vulnerability Database".
CVE-2022-34043

Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of NoMachine v7.9.2 allow attackers to perform a DLL hijacking attack and execute arbitrary code.

📖 Read

via "National Vulnerability Database".
CVE-2022-33035

XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

📖 Read

via "National Vulnerability Database".
🗓️ UnRAR path traversal flaw can lead to RCE in Zimbra 🗓️

Other applications that use the UnRAR binary to extract untrusted archives are potentially vulnerable too.

📖 Read

via "The Daily Swig".
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.

📖 Read

via "Naked Security".
CVE-2022-32969

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.

📖 Read

via "National Vulnerability Database".
CVE-2020-26877

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778.

📖 Read

via "National Vulnerability Database".
🔏 The Future of Data Protection and Looking Towards our Future at HelpSystems 🔏

Wade Barisoff, Director of Product Management, Data Protection, HelpSystems on shaping the future of data protection through data loss prevention, data classification, and digital rights management.

📖 Read

via "".
CVE-2022-33042

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.

📖 Read

via "National Vulnerability Database".
CVE-2017-20119

A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

📖 Read

via "National Vulnerability Database".
CVE-2022-33638

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.

📖 Read

via "National Vulnerability Database".
CVE-2017-20116

A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

📖 Read

via "National Vulnerability Database".
CVE-2021-39074

IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

📖 Read

via "National Vulnerability Database".
CVE-2017-20118

A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

📖 Read

via "National Vulnerability Database".
CVE-2022-33639

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.

📖 Read

via "National Vulnerability Database".
CVE-2017-20113

A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

📖 Read

via "National Vulnerability Database".
CVE-2017-20120

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

📖 Read

via "National Vulnerability Database".
CVE-2017-20117

A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

📖 Read

via "National Vulnerability Database".