🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-37024 ‼

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.

via "National Vulnerability Database".
‼ CVE-2022-2457 ‼

A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.

via "National Vulnerability Database".
‼ CVE-2022-37005 ‼

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

via "National Vulnerability Database".
‼ CVE-2022-32429 ‼

An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.

via "National Vulnerability Database".
‼ CVE-2021-33645 ‼

The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

via "National Vulnerability Database".
‼ CVE-2022-30630 ‼

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

via "National Vulnerability Database".
‼ CVE-2022-35697 ‼

Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.

via "National Vulnerability Database".
‼ CVE-2022-20357 ‼

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-214999987

via "National Vulnerability Database".
‼ CVE-2022-35534 ‼

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2022-35537 ‼

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.

via "National Vulnerability Database".
‼ CVE-2022-36270 ‼

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.

via "National Vulnerability Database".
❌ Podcast: Inside the Hackers' Toolkit ❌

This edition of the Threatpost podcast is sponsored by Egress.

via "Threat Post".
‼ CVE-2022-38161 ‼

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.

via "National Vulnerability Database".
‼ CVE-2022-38150 ‼

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.

via "National Vulnerability Database".
‼ CVE-2022-38155 ‼

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

via "National Vulnerability Database".
πŸ—“οΈ Black Hat USA: Log4j de-obfuscator Ox4Shell β€˜dramatically’ reduces analysis time πŸ—“οΈ

Open source utility exposes payloads without running vulnerable Java code

via "The Daily Swig".
‼ CVE-2022-2751 ‼

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2022-2746 ‼

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-2740 ‼

A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2022-2749 ‼

A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-2750 ‼

A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".