âź CVE-2022-29468 âź
đ Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.đ Read
via "National Vulnerability Database".
âź CVE-2022-30534 âź
đ Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.đ Read
via "National Vulnerability Database".
âź CVE-2022-32282 âź
đ Read
via "National Vulnerability Database".
An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.đ Read
via "National Vulnerability Database".
âź CVE-2022-32761 âź
đ Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.đ Read
via "National Vulnerability Database".
âź CVE-2022-30690 âź
đ Read
via "National Vulnerability Database".
A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.đ Read
via "National Vulnerability Database".
âź CVE-2022-33149 âź
đ Read
via "National Vulnerability Database".
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.đ Read
via "National Vulnerability Database".
âź CVE-2022-32777 âź
đ Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests.This vulnerabilty is for the session cookie which can be leaked via JavaScript.đ Read
via "National Vulnerability Database".
âź CVE-2022-2842 âź
đ Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451.đ Read
via "National Vulnerability Database".
đ´ Metasploit Creator Renames His Startup and IT Discovery Tool Rumble 'runZero' đ´
đ Read
via "Dark Reading".
HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.đ Read
via "Dark Reading".
Dark Reading
Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to 'runZero'
HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.
âź CVE-2021-29891 âź
đ Read
via "National Vulnerability Database".
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.đ Read
via "National Vulnerability Database".
âź CVE-2022-38667 âź
đ Read
via "National Vulnerability Database".
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used.đ Read
via "National Vulnerability Database".
âź CVE-2022-38668 âź
đ Read
via "National Vulnerability Database".
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.đ Read
via "National Vulnerability Database".
âź CVE-2022-2923 âź
đ Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0239.đ Read
via "National Vulnerability Database".
đ´ Fake DDoS Protection Alerts Distribute Dangerous RAT đ´
đ Read
via "Dark Reading".
Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.đ Read
via "Dark Reading".
Dark Reading
Fake DDoS Protection Alerts Distribute Dangerous RAT
Adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.
đ´ Facing the New Security Challenges That Come With Cloud đ´
đ Read
via "Dark Reading".
Organizations relying on multicloud or hybrid-cloud environments without ďťża true understanding of their security vulnerabilities do so at their peril.đ Read
via "Dark Reading".
Dark Reading
Facing the New Security Challenges That Come With Cloud
Organizations relying on multicloud or hybrid-cloud environments without ďťża true understanding of their security vulnerabilities do so at their peril.
âź CVE-2022-35191 âź
đ Read
via "National Vulnerability Database".
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.đ Read
via "National Vulnerability Database".
đ¤1
âź CVE-2022-2829 âź
đ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.đ Read
via "National Vulnerability Database".
âź CVE-2019-25075 âź
đ Read
via "National Vulnerability Database".
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.đ Read
via "National Vulnerability Database".
âź CVE-2022-33916 âź
đ Read
via "National Vulnerability Database".
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.đ Read
via "National Vulnerability Database".
âź CVE-2022-34919 âź
đ Read
via "National Vulnerability Database".
The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.đ Read
via "National Vulnerability Database".
âź CVE-2021-28861 âź
đ Read
via "National Vulnerability Database".
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.đ Read
via "National Vulnerability Database".