‼ CVE-2022-35201 ‼
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-36263 ‼
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.
via "National Vulnerability Database".
‼ CVE-2022-34615 ‼
Mealie 1.0.0beta3 employs weak password requirements, which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
via "National Vulnerability Database".
‼ CVE-2022-34623 ‼
Mealie 1.0.0beta3 is vulnerable to user enumeration via a timing discrepancy between responses for existing and non-existing users when the "invalid password" message is returned for a failed authentication attempt.
via "National Vulnerability Database".
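The Mealie entry above describes the classic shape of a timing-based user enumeration bug: the login handler returns the same error text for both cases, but only runs the (deliberately slow) password hash when the account exists, so an unknown username answers measurably faster. The following is an added example, not Mealie's code: it assumes a constructed single-user store, PBKDF2 with a reduced work factor, and a hypothetical `login_vulnerable` / `login_hardened` pair. The hardened variant verifies against a dummy credential when the user is missing, so both branches pay the same hashing cost, and never lets that dummy record authenticate.

```python
import hashlib
import hmac
import os
import time

# Work factor for the example only; real deployments should follow their
# password-hashing library's recommendations. Kept modest so the demo is quick.
ITERATIONS = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store with a single account (assumption: not Mealie's data model).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse battery", _SALT))}

# Dummy credential the hardened path verifies against whenever the user does not
# exist, so the unknown-user branch costs exactly one hash like the known-user one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(os.urandom(16).hex(), _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> tuple[bool, str]:
    record = USERS.get(username)
    if record is None:
        # Same message as a wrong password, but returned before any hashing:
        # the response is measurably faster for unknown users.
        return False, "invalid password"
    salt, stored = record
    if hmac.compare_digest(_hash(password, salt), stored):
        return True, "ok"
    return False, "invalid password"


def login_hardened(username: str, password: str) -> tuple[bool, str]:
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matched = hmac.compare_digest(_hash(password, salt), stored)
    if record is None:
        matched = False  # the dummy record must never authenticate anyone
    return matched, "ok" if matched else "invalid username or password"


def _timed(fn, *args) -> float:
    start = time.perf_counter()
    fn(*args)
    return time.perf_counter() - start


def unknown_vs_known_ratio(login, reps: int = 3) -> float:
    """Best-of-reps wall time for an unknown user divided by that for a known
    user with a wrong password. Near 0 exposes enumeration; near 1 does not."""
    def best(user: str) -> float:
        return min(_timed(login, user, "wrong") for _ in range(reps))
    return best("nobody") / best("alice")


if __name__ == "__main__":
    print("vulnerable ratio:", round(unknown_vs_known_ratio(login_vulnerable), 3))
    print("hardened ratio:  ", round(unknown_vs_known_ratio(login_hardened), 3))
```

Equalising the hashing cost removes the gross signal; residual differences (per-user hash parameters left over from a migration, database lookups that hit an index only for existing rows) can still leak, so rate limiting and a generic error message remain necessary alongside this.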
‼ CVE-2022-36606 ‼
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
via "National Vulnerability Database".
‼ CVE-2022-36577 ‼
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin account.
via "National Vulnerability Database".
‼ CVE-2022-36225 ‼
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the admin backend's column management "add" function.
via "National Vulnerability Database".
‼ CVE-2022-36578 ‼
jizhicms v2.3.1 has SQL injection in the admin backend.
via "National Vulnerability Database".
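The Ywoa (`/oa/setup/checkPool?database`) and jizhicms entries both report SQL injection through a request parameter, and neither advisory says more than that. The block below is an added example, not code from either project: it assumes a constructed SQLite schema with a `pools` table and a `users` table, and a hypothetical `check_pool` endpoint that looks a pool up by name. The vulnerable version pastes the parameter into the query, so a UNION payload reads the `users` table; the hardened version binds the value as a parameter. Because a parameter named `database` may really be an identifier (which cannot be bound), the block also shows the allow-list check used in that case.

```python
import re
import sqlite3

# Constructed schema and rows for this example (assumption: not Ywoa's or
# jizhicms's real schema).
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pools(name TEXT);
        INSERT INTO pools VALUES ('oa_main'), ('oa_archive');
        CREATE TABLE users(name TEXT, pw_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2y$10$constructedhash');
    """)
    return db


# Attacker-supplied value for the `database` parameter: closes the string
# literal, appends a UNION over another table, comments out the rest.
PAYLOAD = "' UNION SELECT name || ':' || pw_hash FROM users --"


def check_pool_vulnerable(db: sqlite3.Connection, database: str) -> list[str]:
    # The parameter is formatted into the SQL text, so it is parsed as SQL.
    rows = db.execute(f"SELECT name FROM pools WHERE name = '{database}'").fetchall()
    return [r[0] for r in rows]


def check_pool_hardened(db: sqlite3.Connection, database: str) -> list[str]:
    # Bound parameter: the driver passes the value separately from the statement,
    # so quotes, UNION and comment markers in it are just characters to compare.
    rows = db.execute("SELECT name FROM pools WHERE name = ?", (database,)).fetchall()
    return [r[0] for r in rows]


# Identifiers (schema or table names) cannot be bound parameters. When the
# request value must become one, allow-list it before interpolating.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def is_valid_identifier(name: str) -> bool:
    return _IDENT.fullmatch(name) is not None


def use_database_statement(name: str) -> str:
    """Build a MySQL-style `USE` statement for a validated identifier."""
    if not is_valid_identifier(name):
        raise ValueError(f"invalid database name: {name!r}")
    return f"USE `{name}`"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", check_pool_vulnerable(db, PAYLOAD))  # leaks admin hash
    print("hardened:  ", check_pool_hardened(db, PAYLOAD))    # []
```

The allow-list is the only sound option for identifiers; escaping quotes is not enough there because identifiers are not quoted in the same way as values in every dialect.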
‼ CVE-2022-37254 ‼
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via the admin backend: System > System function > Configuration management.
via "National Vulnerability Database".
‼ CVE-2022-36579 ‼
Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).
via "National Vulnerability Database".
‼ CVE-2022-36224 ‼
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).
via "National Vulnerability Database".
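Four of the entries above (jizhicms, EyouCMS, Wellcms, XunRuiCMS) are CSRF in an admin backend, the jizhicms one explicitly adding an admin account. The common root cause is a state-changing handler that trusts the session cookie alone: the victim's browser attaches that cookie to a form POST auto-submitted by an attacker's page. The following is an added example, not code from any of those projects: it assumes a hypothetical `add_admin` handler, a constructed site origin `https://cms.example`, a session-bound token derived from a per-process key, and two constructed requests (one forged from `https://evil.example`, one legitimate).

```python
import hashlib
import hmac
import secrets

# Constructed for this example: the site's own origin and a per-process key
# that binds CSRF tokens to a session (assumptions, not any CMS's real values).
SITE_ORIGIN = "https://cms.example"
_TOKEN_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session. Only a page served from SITE_ORIGIN can read
    it and put it in a form; an attacker's origin cannot obtain or forge it."""
    return hmac.new(_TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def add_admin_vulnerable(request: dict, session: dict, admins: set) -> tuple[int, str]:
    """Trusts the session cookie alone, so any page the logged-in admin visits
    can trigger it with a cross-site form POST."""
    if request["method"] != "POST" or not session.get("is_admin"):
        return 403, "forbidden"
    admins.add(request["form"]["username"])
    return 200, "admin added"


def add_admin_hardened(request: dict, session: dict, admins: set) -> tuple[int, str]:
    if request["method"] != "POST" or not session.get("is_admin"):
        return 403, "forbidden"
    # 1. Origin check: browsers set Origin on POST and page script cannot change
    #    it. A missing Origin is treated as cross-site rather than trusted.
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403, "cross-site request rejected"
    # 2. Session-bound token in the form body, compared in constant time.
    expected = issue_csrf_token(session["id"])
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    admins.add(request["form"]["username"])
    return 200, "admin added"


# Constructed victim session and requests.
ADMIN_SESSION = {"id": "sess-1234", "is_admin": True}

# Forged by an attacker page at https://evil.example that auto-submits a form;
# the browser still attaches the victim's session cookie.
FORGED = {
    "method": "POST",
    "headers": {"Origin": "https://evil.example", "Cookie": "session=sess-1234"},
    "form": {"username": "backdoor"},
}

# Submitted from the real admin UI, which rendered the token into the form.
LEGIT = {
    "method": "POST",
    "headers": {"Origin": SITE_ORIGIN, "Cookie": "session=sess-1234"},
    "form": {"username": "newadmin", "csrf_token": issue_csrf_token("sess-1234")},
}


if __name__ == "__main__":
    print("vulnerable, forged:", add_admin_vulnerable(FORGED, ADMIN_SESSION, set()))
    print("hardened, forged:  ", add_admin_hardened(FORGED, ADMIN_SESSION, set()))
    print("hardened, legit:   ", add_admin_hardened(LEGIT, ADMIN_SESSION, set()))
```

Setting the session cookie with `SameSite=Lax` or `Strict` is the complementary browser-side defence; the server-side token and Origin check above still matter for older clients and for cookies that must be sent cross-site for other reasons.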
🕴 BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing 🕴
Version 2.0 of the ransomware group's operation borrows extortion tactics from the LockBit 3.0 group.
via "Dark Reading".
🕴 State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims 🕴
APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA.
via "Dark Reading".
🕴 Cybersecurity Solutions Must Evolve, Says Netography CEO 🕴
Just as cyber criminals change tactics and strategy for more effectiveness, so must infosec pros and their organizations, according to Martin Roesch of Netography.
via "Dark Reading".
‼ CVE-2022-0542 ‼
DOM-based Cross-site Scripting (XSS) in GitHub repository chatwoot/chatwoot prior to 2.7.0.
via "National Vulnerability Database".
‼ CVE-2022-22489 ‼
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.
via "National Vulnerability Database".
‼ CVE-2022-23459 ‼
Jsonxx (Json++) is a JSON parser, writer and reader written in C++. In affected versions of jsonxx, use of the Value class may lead to memory corruption via a double free or a use after free. The Value class has a default assignment operator that copies its pointer members, so two Value objects can end up owning the same heap data; when each releases it, the data is freed twice. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.
via "National Vulnerability Database".
‼ CVE-2022-37175 ‼
Tenda AC15 firmware V15.03.05.18: the httpd server has a stack buffer overflow in /goform/formWifiBasicSet.
via "National Vulnerability Database".
‼ CVE-2022-23460 ‼
Jsonxx (Json++) is a JSON parser, writer and reader written in C++. In affected versions of jsonxx, JSON parsing may lead to stack exhaustion, observed in an address-sanitized (ASAN) build, because the parser recurses once per nesting level with no depth limit. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.
via "National Vulnerability Database".
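The stack exhaustion above is the generic failure mode of a recursive-descent parser fed `[[[[...` with no depth cap: every nesting level costs a stack frame and attacker input decides how many there are. The block below is an added example in Python, not jsonxx's C++ code: it assumes a hypothetical parser for a JSON subset (arrays, strings without escapes, numbers, `true`/`false`/`null`; objects omitted for brevity) and an assumed `MAX_DEPTH` of 64. The check runs before the recursive call, so a hostile input of a hundred thousand brackets is rejected at the 65th and never grows the stack.

```python
import re

MAX_DEPTH = 64  # assumed limit; set it to what the application's data actually needs


class ParseError(ValueError):
    pass


_NUMBER = re.compile(r"-?(0|[1-9]\d*)(\.\d+)?([eE][-+]?\d+)?")


def parse(text: str, max_depth: int = MAX_DEPTH):
    """Parse the JSON subset, refusing input nested deeper than max_depth
    instead of recursing into it."""
    i, value = _value(text, 0, 0, max_depth)
    if text[i:].strip():
        raise ParseError(f"trailing data at offset {i}")
    return value


def rejects(text: str, max_depth: int = MAX_DEPTH) -> bool:
    """True if the input is refused with ParseError (never with RecursionError)."""
    try:
        parse(text, max_depth)
        return False
    except ParseError:
        return True


def _ws(s: str, i: int) -> int:
    while i < len(s) and s[i] in " \t\r\n":
        i += 1
    return i


def _value(s: str, i: int, depth: int, max_depth: int):
    i = _ws(s, i)
    if i >= len(s):
        raise ParseError("unexpected end of input")
    c = s[i]
    if c == "[":
        # Each nested array costs two frames (_value + _array); cap it *before*
        # recursing so the stack never grows past max_depth levels.
        if depth >= max_depth:
            raise ParseError(f"nesting deeper than {max_depth}")
        return _array(s, i + 1, depth + 1, max_depth)
    if c == '"':
        end = s.find('"', i + 1)
        if end < 0 or "\\" in s[i + 1:end]:
            raise ParseError("unterminated string, or escape sequence (unsupported here)")
        return end + 1, s[i + 1:end]
    m = _NUMBER.match(s, i)
    if m:
        tok = m.group(0)
        return m.end(), float(tok) if any(ch in tok for ch in ".eE") else int(tok)
    for lit, val in (("true", True), ("false", False), ("null", None)):
        if s.startswith(lit, i):
            return i + len(lit), val
    raise ParseError(f"unexpected {c!r} at offset {i}")


def _array(s: str, i: int, depth: int, max_depth: int):
    items = []
    i = _ws(s, i)
    if i < len(s) and s[i] == "]":
        return i + 1, items
    while True:
        i, v = _value(s, i, depth, max_depth)
        items.append(v)
        i = _ws(s, i)
        if i >= len(s):
            raise ParseError("unterminated array")
        if s[i] == ",":
            i += 1
        elif s[i] == "]":
            return i + 1, items
        else:
            raise ParseError(f"expected ',' or ']' at offset {i}")


if __name__ == "__main__":
    print(parse('[1, [2.5, "x"], true, null]'))
    print("100000 brackets rejected:", rejects("[" * 100_000))
```

An explicit limit is preferable to relying on the language's own recursion guard: CPython's guard raises `RecursionError`, which callers rarely expect to catch, and a C++ parser like jsonxx has no guard at all, so it simply overruns the stack.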
‼ CVE-2022-36170 ‼
MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end, which can lead to escalation of privileges and arbitrary file deletion.
via "National Vulnerability Database".
‼ CVE-2022-2788 ‼
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure that enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.
via "National Vulnerability Database".
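ZipSlip, as named in the Proficy entry, is archive extraction that joins each member name onto the destination directory without checking where the result lands, so a member named `..\..\Startup\evil.blz` is written outside the extraction root. The block below is an added example, not Emerson's code: it assumes a constructed in-memory archive with one honest entry and two traversal entries (the backslash form the advisory cites and the forward-slash form), and a hypothetical `safe_extract` that resolves every member path and refuses the whole archive if any member escapes. Backslashes are treated as separators on every platform, because an archive written on Windows, or by an attacker, carries them and Windows will honour them.

```python
import io
import os
import zipfile


def build_sample_zip() -> bytes:
    """Constructed archive (assumption, not a real .BLZ upload): one honest entry
    plus two traversal entries, in the '\\..\\' form and the '../' form."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/logic.blz", b"ok")
        zf.writestr("..\\..\\Startup\\evil.blz", b"bad")
        zf.writestr("../../tmp/evil2.blz", b"bad")
    return buf.getvalue()


def _parts(member_name: str) -> list[str]:
    # Normalise both separators before splitting, so the check is the same
    # whether the archive came from Windows, Unix, or an attacker's tool.
    return member_name.replace("\\", "/").split("/")


def is_safe_member(member_name: str, dest_dir: str) -> bool:
    """True only if the member resolves to a path inside dest_dir."""
    norm = member_name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return False  # absolute path or Windows drive letter
    dest_real = os.path.realpath(dest_dir)
    # realpath also collapses '..' through any existing symlinks under dest_dir.
    target = os.path.realpath(os.path.join(dest_real, *_parts(norm)))
    return os.path.commonpath([dest_real, target]) == dest_real


def rejected_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [m.filename for m in zf.infolist() if not is_safe_member(m.filename, dest_dir)]


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract into dest_dir. Any traversal member fails the whole archive up
    front, so a partially written upload is never left behind."""
    bad = rejected_entries(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"archive contains traversal entries: {bad}")
    dest_real = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for m in zf.infolist():
            path = os.path.join(dest_real, *_parts(m.filename))
            if m.is_dir():
                os.makedirs(path, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(zf.read(m))
            written.append(path)
    return written


if __name__ == "__main__":
    print("rejected:", rejected_entries(build_sample_zip(), "/srv/extract"))
    try:
        safe_extract(build_sample_zip(), "/srv/extract")
    except ValueError as e:
        print(e)
```

Recent CPython versions of `ZipFile.extractall` strip leading `..` components themselves, but an application that builds its own paths from `ZipInfo.filename`, as the vulnerable engineering-station workflow evidently does, gets no such protection; the explicit check above is what such code needs.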