CVE-2022-34963 (via National Vulnerability Database)
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
CVE-2020-28459 (via National Vulnerability Database)
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
Logwatch 7.7 (via Packet Storm Security)
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
CVE-2020-28438 (via National Vulnerability Database)
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js.
CVE-2020-28445 (via National Vulnerability Database)
This affects all versions of package npm-help. The injection point is located in line 13 in the index.js file, in the export.latestVersion() function.
CVE-2022-26306 (via National Vulnerability Database)
LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same, which weakens the security of the encryption and makes the passwords vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
CVE-2022-34964 (via National Vulnerability Database)
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module.
CVE-2022-34961 (via National Vulnerability Database)
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
CVE-2020-28422 (via National Vulnerability Database)
All versions of package git-archive are vulnerable to Command Injection via the exports function.
T-Mobile to cough up $500 million over 2021 data breach (via Naked Security)
Technically, it's not a fine, and the lawyers will get a big chunk of it. But it still adds up to a half-billion-dollar data breach.
Qakbot Is Back With a New Trick: DLL Sideloading (via Dark Reading)
In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection.
CVE-2022-35650 (via National Vulnerability Database)
The vulnerability was found in Moodle and occurs due to an input validation error when importing lesson questions. These insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
CVE-2022-35649 (via National Vulnerability Database)
The vulnerability was found in Moodle and occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
CVE-2022-35653 (via National Vulnerability Database)
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
CVE-2022-24083 (via National Vulnerability Database)
Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
CVE-2022-35652 (via National Vulnerability Database)
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website; however, when clicked, it redirects the victim to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
CVE-2022-35651 (via National Vulnerability Database)
A stored XSS and blind SSRF vulnerability was found in Moodle, which occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks.
CVE-2022-34965 (via National Vulnerability Database)
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Why Layer 8 Is Great (via Dark Reading)
To help discern legitimate traffic from fraud, it helps to understand user intent as shown through their behavior.
T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People (via Dark Reading)
After leaking 80 million US customer data records in a cyberattack last summer, T-Mobile offers to settle a wide-ranging class action suit for just $350 million.
Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs (via Dark Reading)
Several threat actors used Amadey Bot previously to steal information and distribute malware such as the GandCrab ransomware and the FlawedAmmy RAT.