🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-36545 ‼

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.

via "National Vulnerability Database".
‼ CVE-2022-2915 ‼

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

via "National Vulnerability Database".
‼ CVE-2022-36543 ‼

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.

via "National Vulnerability Database".
‼ CVE-2022-36547 ‼

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.

via "National Vulnerability Database".
‼ CVE-2022-36546 ‼

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.

via "National Vulnerability Database".
‼ CVE-2022-36544 ‼

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.

via "National Vulnerability Database".
‼ CVE-2019-15167 ‼

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

via "National Vulnerability Database".
‼ CVE-2022-3013 ‼

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.

via "National Vulnerability Database".
‼ CVE-2022-3014 ‼

A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.

via "National Vulnerability Database".
‼ CVE-2022-3012 ‼

A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-3015 ‼

A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-2787 ‼

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

via "National Vulnerability Database".
‼ CVE-2022-38791 ‼

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

via "National Vulnerability Database".
‼ CVE-2022-38792 ‼

The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.

via "National Vulnerability Database".
‼ CVE-2022-38794 ‼

Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.

via "National Vulnerability Database".
‼ CVE-2022-3016 ‼

Use After Free in GitHub repository vim/vim prior to 9.0.0285.

via "National Vulnerability Database".
‼ CVE-2022-36705 ‼

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.

via "National Vulnerability Database".
‼ CVE-2022-36708 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.

via "National Vulnerability Database".
‼ CVE-2022-36707 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/bookdetails.php.

via "National Vulnerability Database".
‼ CVE-2022-36706 ‼

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.

via "National Vulnerability Database".
‼ CVE-2022-36704 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.

via "National Vulnerability Database".