βΌ CVE-2022-2724 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205837 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35724 βΌ
π Read
via "National Vulnerability Database".
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36125 βΌ
π Read
via "National Vulnerability Database".
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25907 βΌ
π Read
via "National Vulnerability Database".
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2723 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2726 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2725 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2727 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/login.php. The manipulation of the argument admin_email/admin_pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205855.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2728 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /mygym/admin/index.php. The manipulation of the argument edit_tran leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205856.π Read
via "National Vulnerability Database".
ποΈ Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions ποΈ
π Read
via "The Daily Swig".
Bug fixed within 24 hours and $5,000 bug bounty awardedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions
Bug fixed within 24 hours and $5,000 bug bounty awarded
βΌ CVE-2022-2734 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2732 βΌ
π Read
via "National Vulnerability Database".
Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2730 βΌ
π Read
via "National Vulnerability Database".
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2729 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2731 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2733 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
β Slack admits to leaking hashed passwords for five years β
π Read
via "Naked Security".
"When those invitations went out... somehow, your password hash went out with them."π Read
via "Naked Security".
Naked Security
Slack admits to leaking hashed passwords for five years
βWhen those invitations went outβ¦ somehow, your password hash went out with them.β
π Falco 0.32.2 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.32.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Microsoft Edge deepens defenses against malicious websites with enhanced security mode ποΈ
π Read
via "The Daily Swig".
Browser adds defense in depth to prevent abuse of unpatched vulnerabilitiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microsoft Edge deepens defenses against malicious websites with enhanced security mode
Browser adds defense in depth to prevent abuse of unpatched vulnerabilities
π1
β Virtual Currency Platform βTornado Cashβ Accused of Aiding APTs β
π Read
via "Threat Post".
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Koreaβs missile program.π Read
via "Threat Post".
Threat Post
Virtual Currency Platform βTornado Cashβ Accused of Aiding APTs
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Koreaβs missile program.
β€1
βΌ CVE-2022-30573 βΌ
π Read
via "National Vulnerability Database".
The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL - Enterprise Edition: version 6.8.0.π Read
via "National Vulnerability Database".