βΌ CVE-2022-2492 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument RollNo with the input admin' AND (SELECT 2625 FROM (SELECT(SLEEP(5)))MdIL) AND 'KXmq'='KXmq&Password=1231312312 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24660 βΌ
π Read
via "National Vulnerability Database".
The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31858 βΌ
π Read
via "National Vulnerability Database".
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2488 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2486 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2490 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24659 βΌ
π Read
via "National Vulnerability Database".
Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36322 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.04.2 build parameter injection was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2491 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument Section with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a67627944426946507245664143694c6a4c,0x7162706b71),NULL,NULL,NULL,NULL# leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24657 βΌ
π Read
via "National Vulnerability Database".
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).π Read
via "National Vulnerability Database".
π΄ How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures π΄
π Read
via "Dark Reading".
The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.π Read
via "Dark Reading".
Dark Reading
How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures
The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.
π’ Flipkartβs Cleartrip suffers βmassiveβ data breach π’
π Read
via "ITPro".
The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022π Read
via "ITPro".
IT PRO
Flipkartβs Cleartrip suffers βmassiveβ data breach | IT PRO
The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022
π’ Chinese authorities to fine Didi $1 billion following cyber security review π’
π Read
via "ITPro".
The ride-hailing company will also reportedly be allowed to list its app on domestic app stores once againπ Read
via "ITPro".
IT PRO
Chinese authorities to fine Didi $1 billion following cyber security review | IT PRO
The ride-hailing company will also reportedly be allowed to list its app on domestic app stores once again
π’ Meta begins encrypting Facebook URLs, nullifying tracking countermeasures π’
π Read
via "ITPro".
The move has made URL stripping impossible but will improve analyticsπ Read
via "ITPro".
IT PRO
Meta begins encrypting Facebook URLs, nullifying tracking countermeasures | IT PRO
The move has made URL stripping impossible but will improve analytics
π’ Chrome vs Firefox vs Microsoft Edge π’
π Read
via "ITPro".
We put the web's three most popular browsers head-to-head to find out which one is the best browser of them allπ Read
via "ITPro".
ITPro
Best web browsers 2023: Firefox vs Google Chrome vs Microsoft Edge
Firefox vs Chrome vs Edge - discover which comes out on top in the ultimate battle to crown the very best browser
π’ CISA chooses London for its first-ever overseas office π’
π Read
via "ITPro".
Within hours of the US' announcement, the EU also said it would be going the other way and opening its first west-coast office to tackle digital diplomacyπ Read
via "ITPro".
ITPro
CISA chooses London for its first-ever overseas office
Within hours of the US' announcement, the EU also said it would be going the other way and opening its first west-coast office to tackle digital diplomacy
β 8 months on, US says Log4Shell will be around for βa decade or longerβ β
π Read
via "Naked Security".
When it comes to cybersecurity, ask not what everyone else can do for you...π Read
via "Naked Security".
Naked Security
8 months on, US says Log4Shell will be around for βa decade or longerβ
When it comes to cybersecurity, ask not what everyone else can do for youβ¦
β Last member of Gozi malware troika arrives in US for criminal trial β
π Read
via "Naked Security".
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turned...π Read
via "Naked Security".
Naked Security
Last member of Gozi malware troika arrives in US for criminal trial
His co-conspirators went into and got out of prison years ago, while he remained free. Now the tables have turnedβ¦
π΄ Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists π΄
π Read
via "Dark Reading".
The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.π Read
via "Dark Reading".
Dark Reading
Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists
The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.
βΌ CVE-2022-34600 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22216 βΌ
π Read
via "National Vulnerability Database".
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.π Read
via "National Vulnerability Database".