βΌ CVE-2022-36120 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29850 βΌ
π Read
via "National Vulnerability Database".
Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36226 βΌ
π Read
via "National Vulnerability Database".
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36121 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30984 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38533 βΌ
π Read
via "National Vulnerability Database".
In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.π Read
via "National Vulnerability Database".
ποΈ LastPass flags security incident after attackers stole source code, technical information ποΈ
π Read
via "The Daily Swig".
Usersβ master passwords are safe, thanks to companyβs βzero knowledgeβ architectureπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
LastPass flags security incident after attackers stole source code, technical information
Usersβ master passwords are safe, thanks to companyβs βzero knowledgeβ architecture
π΄ Capital One Joins Open Source Security Foundation π΄
π Read
via "Dark Reading".
OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.π Read
via "Dark Reading".
Dark Reading
Capital One Joins Open Source Security Foundation
OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.
π΄ Endpoint Protection / Antivirus Products Tested for Malware Protection π΄
π Read
via "Dark Reading".
Six out of the eight products achieved an "A" rating or higher for blocking malware attacks. Reports are provided to the community for free.π Read
via "Dark Reading".
Dark Reading
Endpoint Protection / Antivirus Products Tested for Malware Protection
Six out of the eight products achieved an "A" rating or higher for blocking malware attacks. Reports are provided to the community for free.
ποΈ Critical command injection vulnerability discovered in Bitbucket Server and Data Center ποΈ
π Read
via "The Daily Swig".
Update now to protect against flawπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical command injection vulnerability discovered in Bitbucket Server and Data Center
Update now to protect against flaw
π΄ 'No-Party' Data Architectures Promise More Control, Better Security π΄
π Read
via "Dark Reading".
Consumers gain control of their data while companies build better relationships with their customers β but third-party ad-tech firms will likely continue to stand in the way.π Read
via "Dark Reading".
Dark Reading
'No-Party' Data Architectures Promise More Control, Better Security
Consumers gain control of their data while companies build better relationships with their customers β but third-party ad-tech firms will likely continue to stand in the way.
π΄ How DevSecOps Empowers Citizen Developers π΄
π Read
via "Dark Reading".
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.π Read
via "Dark Reading".
Dark Reading
How DevSecOps Empowers Citizen Developers
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.
βΌ CVE-2022-36678 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37152 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client"π Read
via "National Vulnerability Database".
βΌ CVE-2022-36680 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37151 βΌ
π Read
via "National Vulnerability Database".
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39393 βΌ
π Read
via "National Vulnerability Database".
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36683 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36682 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40285 βΌ
π Read
via "National Vulnerability Database".
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39394 βΌ
π Read
via "National Vulnerability Database".
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.π Read
via "National Vulnerability Database".