CVE-2022-32969
via "National Vulnerability Database".
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.
CVE-2020-26877
via "National Vulnerability Database".
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778.
The Future of Data Protection and Looking Towards our Future at HelpSystems
Wade Barisoff, Director of Product Management, Data Protection, HelpSystems on shaping the future of data protection through data loss prevention, data classification, and digital rights management.
CVE-2022-33042
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.
CVE-2017-20119
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-33638
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.
CVE-2017-20116
via "National Vulnerability Database".
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-39074
via "National Vulnerability Database".
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-20118
via "National Vulnerability Database".
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-33639
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.
CVE-2017-20113
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20120
via "National Vulnerability Database".
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20117
via "National Vulnerability Database".
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20115
via "National Vulnerability Database".
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20114
via "National Vulnerability Database".
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-2252
via "National Vulnerability Database".
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-30192
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.
Global Socket 1.4.36
via "Packet Storm Security".
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
Leaky Access Tokens Exposed Amazon Photos of Users
via "Threat Post".
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
CVE-2022-30467
via "National Vulnerability Database".
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.
CVE-2021-40597
via "National Vulnerability Database".
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.