‼ CVE-2022-35650 ‼
via "National Vulnerability Database".
The vulnerability was found in Moodle and occurs due to an input validation error when importing lesson questions. Insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
‼ CVE-2022-35649 ‼
via "National Vulnerability Database".
The vulnerability was found in Moodle and occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running Ghostscript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
‼ CVE-2022-35653 ‼
via "National Vulnerability Database".
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
‼ CVE-2022-24083 ‼
via "National Vulnerability Database".
A password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
‼ CVE-2022-35652 ‼
via "National Vulnerability Database".
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that appears to lead to a trusted website but, when clicked, redirects the victim to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
‼ CVE-2022-35651 ‼
via "National Vulnerability Database".
A stored XSS and blind SSRF vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
‼ CVE-2022-34965 ‼
via "National Vulnerability Database".
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
🕴 Why Layer 8 Is Great 🕴
via "Dark Reading".
To help discern legitimate traffic from fraud, it helps to understand user intent as shown through their behavior.
🕴 T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People 🕴
via "Dark Reading".
After leaking 80 million US customer data records in a cyberattack last summer, T-Mobile offers to settle a wide-ranging class action suit for just $350 million.
🕴 Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs 🕴
via "Dark Reading".
Several threat actors used Amadey Bot previously to steal information and distribute malware such as the GandCrab ransomware and the FlawedAmmy RAT.
‼ CVE-2022-35288 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
‼ CVE-2022-35284 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
‼ CVE-2022-34962 ‼
via "National Vulnerability Database".
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
‼ CVE-2022-35871 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of Python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.
‼ CVE-2022-34966 ‼
via "National Vulnerability Database".
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
‼ CVE-2022-24992 ‼
via "National Vulnerability Database".
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.
‼ CVE-2022-35285 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
‼ CVE-2022-2059 ‼
via "National Vulnerability Database".
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored cross-site scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in to the system.
‼ CVE-2022-35869 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211.
‼ CVE-2022-33969 ‼
via "National Vulnerability Database".
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.
‼ CVE-2022-23000 ‼
via "National Vulnerability Database".
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.