CVE-2022-32777
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie lack the HttpOnly flag, making them accessible via JavaScript. The session cookie also lacks the Secure flag, which allows it to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests. This entry covers the session cookie, which can be leaked via JavaScript.
via "National Vulnerability Database".
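The two missing attributes are easy to check from the response headers without touching the application. The following is an added example, not AVideo code: it parses Set-Cookie header values with the standard library and reports which flags are absent, and shows what a hardened header for the same cookie looks like. The cookie names and values are constructed to mirror the advisory (a "session" and a "pass" cookie).

```python
"""Audit Set-Cookie headers for HttpOnly and Secure (added example).

The header strings in demo() are constructed, not captured from AVideo.
"""
from __future__ import annotations

from http.cookies import SimpleCookie


def audit_set_cookies(headers: list[str]) -> dict[str, list[str]]:
    """Return {cookie_name: [problems]} for a list of Set-Cookie values.

    SimpleCookie parses attribute names case-insensitively; the flag
    attributes come back truthy when present and "" when absent.
    """
    jar = SimpleCookie()
    for header in headers:
        jar.load(header)

    findings: dict[str, list[str]] = {}
    for name, morsel in jar.items():
        problems = []
        if not morsel["httponly"]:
            problems.append("missing HttpOnly: readable via document.cookie")
        if not morsel["secure"]:
            problems.append("missing Secure: sent over cleartext HTTP")
        findings[name] = problems
    return findings


def harden_set_cookie(name: str, value: str) -> str:
    """Emit a Set-Cookie value with both flags plus SameSite and Path set."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Lax"
    jar[name]["path"] = "/"
    return jar[name].OutputString()


def demo() -> dict[str, list[str]]:
    """Constructed headers shaped like the advisory: session has neither
    flag, pass has Secure but not HttpOnly."""
    return audit_set_cookies([
        "session=abc123; Path=/",
        "pass=5f4dcc3b; Path=/; Secure",
    ])


if __name__ == "__main__":
    for cookie, problems in demo().items():
        print(cookie, problems or "ok")
    print(harden_set_cookie("session", "abc123"))
```

Run the audit against every Set-Cookie header a login response returns; a cookie that carries Secure but is served over plain HTTP is simply dropped by the browser, so the fix is to set both flags and serve the application over HTTPS only.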
CVE-2022-2842
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451.
via "National Vulnerability Database".
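The bug class here is a login query built by string concatenation. The following added example (Python with sqlite3, not the project's PHP, which is not reproduced) puts the vulnerable form beside the parameterized one and shows a classic tautology payload in the user_email argument succeeding against the first and failing against the second. The table and credentials are constructed.

```python
"""String-built vs. parameterized login query (added example).

The in-memory table stands in for the application's user table; the
password hashing is a stand-in too (use bcrypt/argon2 in real code).
"""
from __future__ import annotations

import hashlib
import sqlite3

# Payload in the user_email argument. The trailing space after "--" keeps
# the comment valid on MySQL as well as SQLite.
PAYLOAD = "x' OR '1'='1' -- "


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user_email TEXT, password_hash TEXT)")
    con.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("admin@example.com", hashlib.sha256(b"correct-horse").hexdigest()),
    )
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, user_email: str, password: str) -> bool:
    """user_email is interpolated into the SQL text, so a quote in the
    value terminates the literal and the rest becomes query syntax."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (
        f"SELECT COUNT(*) FROM users WHERE user_email = '{user_email}' "
        f"AND password_hash = '{pw_hash}'"
    )
    return con.execute(sql).fetchone()[0] > 0


def login_fixed(con: sqlite3.Connection, user_email: str, password: str) -> bool:
    """Same query with bound parameters: the driver sends the value as
    data, so quotes and comment markers in it have no SQL meaning."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = con.execute(
        "SELECT COUNT(*) FROM users WHERE user_email = ? AND password_hash = ?",
        (user_email, pw_hash),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:", login_vulnerable(db, PAYLOAD, "wrong"))
    print("fixed, payload:     ", login_fixed(db, PAYLOAD, "wrong"))
    print("fixed, real creds:  ", login_fixed(db, "admin@example.com", "correct-horse"))
```

With the payload the vulnerable query becomes `... WHERE user_email = 'x' OR '1'='1' -- ' AND password_hash = '...'`: the password check is commented away and the count is non-zero for any password.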
Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to 'runZero'
HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.
via "Dark Reading".
CVE-2021-29891
IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.
via "National Vulnerability Database".
CVE-2022-38667
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used.
via "National Vulnerability Database".
CVE-2022-38668
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.
via "National Vulnerability Database".
CVE-2022-2923
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0239.
via "National Vulnerability Database".
Fake DDoS Protection Alerts Distribute Dangerous RAT
Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.
via "Dark Reading".
Facing the New Security Challenges That Come With Cloud
Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril.
via "Dark Reading".
CVE-2022-35191
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.
via "National Vulnerability Database".
CVE-2022-2829
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
via "National Vulnerability Database".
CVE-2019-25075
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.
via "National Vulnerability Database".
CVE-2022-33916
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
via "National Vulnerability Database".
CVE-2022-34919
The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.
via "National Vulnerability Database".
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple slashes ('/') at the beginning of the URI path, which may lead to information disclosure.
via "National Vulnerability Database".
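The mechanism is worth seeing concretely. When SimpleHTTPRequestHandler serves a directory whose request path lacks a trailing slash, it redirects to the same path with '/' appended. A request for `//evil.example/..` is resolved to the served root on disk, but the Location it produces starts with `//`, which a browser treats as a scheme-relative URL pointing at another host. The following added example (not CPython's code; the redirect construction is a simplified re-creation of the handler's logic and the normalization mirrors the approach taken in the upstream fix, collapsing leading slashes to one) demonstrates the parse and the repair using only urllib.

```python
"""Leading '//' in a request path as an open redirect (added example).

Not code from lib/http/server.py: directory_redirect_target() re-creates
only the URL handling of the directory redirect, with the isdir() check
omitted because the request path shown resolves to the served root.
"""
from __future__ import annotations

from urllib.parse import urlsplit, urlunsplit


def directory_redirect_target(request_path: str) -> str:
    """Build the Location the handler sends for a directory requested
    without a trailing slash: append '/' to the path component and
    reassemble the rest of the URL unchanged."""
    parts = urlsplit(request_path)
    if parts.path.endswith("/"):
        return request_path
    return urlunsplit((parts.scheme, parts.netloc, parts.path + "/",
                       parts.query, parts.fragment))


def is_scheme_relative(location: str) -> bool:
    """A Location that parses with a netloc ('//host/...') sends the
    browser to that host rather than to a local path."""
    return bool(urlsplit(location).netloc)


def normalize_request_path(path: str) -> str:
    """Collapse any run of leading slashes to exactly one, so the path
    can never be parsed as '//netloc/...' downstream."""
    if path.startswith("//"):
        return "/" + path.lstrip("/")
    return path


if __name__ == "__main__":
    attacker_path = "//evil.example/.."
    unsafe = directory_redirect_target(attacker_path)
    safe = directory_redirect_target(normalize_request_path(attacker_path))
    print(unsafe, "-> external host:", is_scheme_relative(unsafe))
    print(safe, "-> external host:", is_scheme_relative(safe))
```

The unpatched flow turns `//evil.example/..` into a `301` with `Location: //evil.example/../`; after normalization the redirect stays on the origin. Any server that reflects a request path into a Location header should apply the same check before emitting it.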
CVE-2021-42232
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This allows an attacker to execute arbitrary commands on the router.
via "National Vulnerability Database".
CVE-2020-35992
Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database.
via "National Vulnerability Database".
CVE-2022-35733
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.
via "National Vulnerability Database".
CVE-2022-24381
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
via "National Vulnerability Database".
CVE-2022-24298
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
via "National Vulnerability Database".
CVE-2022-25304
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
via "National Vulnerability Database".
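CVE-2022-24381 and CVE-2022-25304 describe the same missing control: a receiver that buffers chunks until a Final chunk arrives, with no cap on how many chunks one session may hold open or on how much the process buffers across all sessions. CVE-2022-24298 is the related failure of not releasing per-session resources on CloseSession. The following added example, not code from asneg/opcuastack, freeopcua or asyncua, shows a reassembler that enforces all three bounds and frees a session's buffers both on completion and on close. It is deliberately simplified: a chunk is modelled as (is_final, payload) rather than the real OPC UA message header, and the limits are assumed values.

```python
"""Bounded chunk reassembly for a chunked protocol such as OPC UA
(added example, not from any of the named stacks).

Chunks are modelled as (is_final, payload); the real wire header with
MessageType/IsFinal/MessageSize is not parsed here.
"""
from __future__ import annotations

from typing import Optional


class ChunkLimitExceeded(Exception):
    """Raised when a chunk would push a session or the process past a cap."""


class ChunkReassembler:
    def __init__(self, max_chunks_per_message: int = 64,
                 max_bytes_per_session: int = 16 * 1024 * 1024,
                 max_bytes_total: int = 256 * 1024 * 1024) -> None:
        # Assumed limits; tune to the deployment's largest legitimate message.
        self.max_chunks = max_chunks_per_message
        self.max_bytes_per_session = max_bytes_per_session
        self.max_bytes_total = max_bytes_total
        self.sessions: dict[str, list[bytes]] = {}
        self.session_bytes: dict[str, int] = {}
        self.total_buffered = 0

    def receive(self, session_id: str, is_final: bool, payload: bytes) -> Optional[bytes]:
        """Buffer one chunk. Returns the reassembled message on the Final
        chunk, None while more are expected, and raises after dropping the
        session's partial message if any cap would be exceeded."""
        buf = self.sessions.setdefault(session_id, [])
        held = self.session_bytes.get(session_id, 0)

        if len(buf) + 1 > self.max_chunks:
            self._drop(session_id)
            raise ChunkLimitExceeded(f"{session_id}: >{self.max_chunks} chunks without Final")
        if held + len(payload) > self.max_bytes_per_session:
            self._drop(session_id)
            raise ChunkLimitExceeded(f"{session_id}: per-session byte cap exceeded")
        if self.total_buffered + len(payload) > self.max_bytes_total:
            # Global cap protects the process when many sessions each stay
            # just under their own limit.
            self._drop(session_id)
            raise ChunkLimitExceeded("process-wide byte cap exceeded")

        buf.append(payload)
        self.session_bytes[session_id] = held + len(payload)
        self.total_buffered += len(payload)
        if not is_final:
            return None
        message = b"".join(buf)
        self._drop(session_id)          # message complete: release buffers
        return message

    def close_session(self, session_id: str) -> None:
        """CloseSession must release everything the session held."""
        self._drop(session_id)

    def _drop(self, session_id: str) -> None:
        self.sessions.pop(session_id, None)
        self.total_buffered -= self.session_bytes.pop(session_id, 0)


def demo() -> dict:
    """Exercise the three caps with tiny limits; returns outcomes to assert on."""
    r = ChunkReassembler(max_chunks_per_message=3,
                         max_bytes_per_session=5, max_bytes_total=8)
    out: dict = {}
    r.receive("s1", False, b"ab")
    out["reassembled"] = r.receive("s1", True, b"cd")
    out["buffered_after_final"] = r.total_buffered

    for _ in range(3):
        r.receive("s2", False, b"x")
    try:
        r.receive("s2", False, b"x")            # 4th chunk, never Final
        out["chunk_limit"] = "accepted"
    except ChunkLimitExceeded:
        out["chunk_limit"] = "rejected"
    out["s2_dropped"] = "s2" not in r.sessions

    r.receive("s3", False, b"1234")
    try:
        r.receive("s3", False, b"12")           # 6 bytes > 5 for one session
        out["session_limit"] = "accepted"
    except ChunkLimitExceeded:
        out["session_limit"] = "rejected"

    r.receive("s4", False, b"1234")
    r.receive("s5", False, b"1234")             # process total now 8
    try:
        r.receive("s6", False, b"1")            # 9 > 8 across sessions
        out["global_limit"] = "accepted"
    except ChunkLimitExceeded:
        out["global_limit"] = "rejected"
    out["total_buffered"] = r.total_buffered
    return out


if __name__ == "__main__":
    print(demo())
```

The per-session cap alone does not help against the attack pattern in the advisories, where an attacker opens many sessions; the process-wide cap is what bounds memory, and a rejection must free the offending session's partial buffers rather than leaving them for a Final chunk that never arrives.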