βΌ CVE-2022-26135 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20123 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20125 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20124 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
β Firefox 102 fixes address bar spoofing security hole (and helps with Follina!) β
π Read
via "Naked Security".
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β A Guide to Surviving a Ransomware Attack β
π Read
via "Threat Post".
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.π Read
via "Threat Post".
Threat Post
A Guide to Surviving a Ransomware Attack
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
βΌ CVE-2021-40643 βΌ
π Read
via "National Vulnerability Database".
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").π Read
via "National Vulnerability Database".
β S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!π Read
via "Naked Security".
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
Latest episode β listen and read now! Use our advice to advise your own friends and familyβ¦ letβs all do our bit to stand up to scammers!
ποΈ OpenSea reveals email breach, blames employee at third-party vendor ποΈ
π Read
via "The Daily Swig".
All users who shared their email address with NFT marketplace told: βAssume you were impactedβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
OpenSea among six organizations affected by email address leak by rogue employee at third-party vendor
All users who shared their email address with NFT marketplace told: βAssume you were impactedβ
βΌ CVE-2013-4146 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2078 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40663 βΌ
π Read
via "National Vulnerability Database".
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').π Read
via "National Vulnerability Database".
βΌ CVE-2022-1852 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernelΓ’β¬β’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33043 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.π Read
via "National Vulnerability Database".
βΌ CVE-2013-4170 βΌ
π Read
via "National Vulnerability Database".
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41506 βΌ
π Read
via "National Vulnerability Database".
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.π Read
via "National Vulnerability Database".
ποΈ Bug Bounty Radar // The latest bug bounty programs for July 2022 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for July 2022
New web targets for the discerning hacker
π Blue Team Training Toolkit (BT3) 2.9 π
π Read
via "Packet Storm Security".
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.π Read
via "Packet Storm Security".
Packetstormsecurity
Blue Team Training Toolkit (BT3) 2.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-37778 βΌ
π Read
via "National Vulnerability Database".
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37770 βΌ
π Read
via "National Vulnerability Database".
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.π Read
via "National Vulnerability Database".
β ZuoRAT Can Take Over Widely Used SOHO Routers β
π Read
via "Threat Post".
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.π Read
via "Threat Post".
Threat Post
ZuoRAT Can Take Over Widely Used SOHO Routers
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.