โผ CVE-2022-28860 โผ
๐ Read
via "National Vulnerability Database".
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-0902 โผ
๐ Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28861 โผ
๐ Read
via "National Vulnerability Database".
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-35899 โผ
๐ Read
via "National Vulnerability Database".
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2022-30628 โผ
๐ Read
via "National Vulnerability Database".
It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28666 โผ
๐ Read
via "National Vulnerability Database".
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-32430 โผ
๐ Read
via "National Vulnerability Database".
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-34767 โผ
๐ Read
via "National Vulnerability Database".
Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability รขโฌโ the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. Does not validate the user's identity and can be accessed publicly.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-32289 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-30337 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.๐ Read
via "National Vulnerability Database".
๐ด Google Becomes First Cloud Operator to Join Healthcare ISAC ๐ด
๐ Read
via "Dark Reading".
Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.๐ Read
via "Dark Reading".
Dark Reading
Google Becomes First Cloud Operator to Join Healthcare ISAC
Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.
๐ด Equitable Digital Identity Verification Requires Moving Past Flawed Legacy Systems ๐ด
๐ Read
via "Dark Reading".
Data science can be used to improve access to government assistance while reducing fraud.๐ Read
via "Dark Reading".
Dark Reading
Equitable Digital Identity Verification Requires Moving Past Flawed Legacy Systems
Data science can be used to improve access to government assistance while reducing fraud.
โผ CVE-2022-34487 โผ
๐ Read
via "National Vulnerability Database".
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-33198 โผ
๐ Read
via "National Vulnerability Database".
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28700 โผ
๐ Read
via "National Vulnerability Database".
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-30536 โผ
๐ Read
via "National Vulnerability Database".
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-31475 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.๐ Read
via "National Vulnerability Database".
๐ AIEngine 2.2.0 ๐
๐ Read
via "Packet Storm Security".
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.๐ Read
via "Packet Storm Security".
Packetstormsecurity
AIEngine 2.2.0 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
๐ด Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene ๐ด
๐ Read
via "Dark Reading".
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.๐ Read
via "Dark Reading".
Dark Reading
Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.
โผ CVE-2022-0974 โผ
๐ Read
via "National Vulnerability Database".
Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-20891 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.๐ Read
via "National Vulnerability Database".