‼ CVE-2021-33645 ‼
via "National Vulnerability Database".
The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
‼ CVE-2022-30630 ‼
via "National Vulnerability Database".
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
‼ CVE-2022-35697 ‼
via "National Vulnerability Database".
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege author access.
‼ CVE-2022-20357 ‼
via "National Vulnerability Database".
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-214999987.
‼ CVE-2022-35534 ‼
via "National Vulnerability Database".
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
‼ CVE-2022-35537 ‼
via "National Vulnerability Database".
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
‼ CVE-2022-36270 ‼
via "National Vulnerability Database".
Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.
Podcast: Inside the Hackers' Toolkit
via "Threat Post".
This edition of the Threatpost podcast is sponsored by Egress.
‼ CVE-2022-38161 ‼
via "National Vulnerability Database".
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.
‼ CVE-2022-38150 ‼
via "National Vulnerability Database".
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
‼ CVE-2022-38155 ‼
via "National Vulnerability Database".
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
Black Hat USA: Log4j de-obfuscator Ox4Shell 'dramatically' reduces analysis time
via "The Daily Swig".
Open source utility exposes payloads without running vulnerable Java code
‼ CVE-2022-2751 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024.
‼ CVE-2022-2746 ‼
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability.
‼ CVE-2022-2740 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiated remotely. VDB-205882 is the identifier assigned to this vulnerability.
‼ CVE-2022-2749 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.
‼ CVE-2022-2750 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-206022 is the identifier assigned to this vulnerability.
‼ CVE-2022-2744 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012.
‼ CVE-2022-2747 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-206015.
‼ CVE-2022-2748 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206016.
‼ CVE-2022-2736 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-205881 was assigned to this vulnerability.