CVE-2021-44425
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the same LAN as an attacker, opened by the AnyDesk Windows client when using the tunneling feature, gives the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any software on the remote destination machine that is listening on the AnyDesk tunneled port).
via "National Vulnerability Database".
CVE-2022-2979
Opening a specially crafted file could cause the affected product to fail to release its memory reference, potentially resulting in arbitrary code execution.
via "National Vulnerability Database".
CVE-2022-36101
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
via "National Vulnerability Database".
CVE-2022-38291
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.
via "National Vulnerability Database".
CVE-2022-38292
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgery (SSRF) vulnerabilities via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.
via "National Vulnerability Database".
CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
via "National Vulnerability Database".
CVE-2022-38297
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
via "National Vulnerability Database".
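Cookie poisoning of the kind the UCMS entry describes works when a server reads authorization state (user name, role) straight out of a cookie the client controls. The following is an added illustration, not UCMS code and not a description of its cookie format: a constructed plaintext "user=...;role=..." cookie parser beside an HMAC-signed session cookie that the client cannot alter. The cookie layout, the field names, the one-hour lifetime and the demo key are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret that never reaches the client. Demo value only.
SECRET_KEY = b"constructed-demo-key-do-not-use"
SESSION_TTL = 3600


def parse_cookie_vulnerable(cookie_value):
    """Constructed vulnerable pattern: trust a plaintext 'user=alice;role=admin'
    cookie. Anyone who edits the cookie in the browser becomes admin, which is
    exactly what cookie poisoning means."""
    fields = dict(part.split("=", 1) for part in cookie_value.split(";") if "=" in part)
    return {"user": fields.get("user"), "is_admin": fields.get("role") == "admin"}


def make_session_cookie(user, role, key=SECRET_KEY, now=None):
    """Hardened form: the payload is still readable, but it carries an HMAC-SHA256
    tag over the encoded payload, so any edit invalidates it."""
    exp = int(now if now is not None else time.time()) + SESSION_TTL
    payload = json.dumps({"user": user, "role": role, "exp": exp},
                         separators=(",", ":"), sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode(payload).rstrip(b"=")
    tag = hmac.new(key, b64, hashlib.sha256).hexdigest()
    return f"{b64.decode()}.{tag}"


def parse_session_cookie(cookie_value, key=SECRET_KEY, now=None):
    """Return the session dict, or None for a missing, forged, tampered or expired cookie."""
    try:
        b64, tag = cookie_value.split(".", 1)
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(key, b64.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a plain == would leak timing information.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    padded = b64 + "=" * (-len(b64) % 4)
    try:
        data = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, UnicodeDecodeError):
        return None
    current = int(now if now is not None else time.time())
    if data.get("exp", 0) < current:
        return None
    return {"user": data.get("user"), "is_admin": data.get("role") == "admin"}


if __name__ == "__main__":
    print("plaintext cookie:", parse_cookie_vulnerable("user=guest;role=admin"))
    good = make_session_cookie("guest", "user")
    print("signed cookie   :", parse_session_cookie(good))
    forged = make_session_cookie("guest", "admin", key=b"attacker-guess")
    print("forged cookie   :", parse_session_cookie(forged))
```

A signed cookie is the minimal fix; the cleaner design is an opaque random session identifier with the user's role looked up server-side on every request, so the cookie carries no authorization data at all and can be revoked.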
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect to disallowed hosts, including the AWS/GCP internal metadata endpoint.
via "National Vulnerability Database".
CVE-2022-38304
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.
via "National Vulnerability Database".
CVE-2022-35572
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC addresses, serial numbers, WPS PINs, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.
via "National Vulnerability Database".
CVE-2022-38302
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.
via "National Vulnerability Database".
CVE-2022-38303
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.
via "National Vulnerability Database".
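The three Online Leave Management System entries above (CVE-2022-38304, CVE-2022-38302, CVE-2022-38303) share one root cause: an id query parameter spliced into SQL as text. The block below is an added illustration, not the project's code: a constructed SQLite table stands in for the leave-type and user tables (the schema, column names and rows are assumptions), one function builds the query by string interpolation the way a vulnerable handler does, and the other validates the type and binds the value as a parameter. Both are run against the same inputs so the difference is visible.

```python
import sqlite3


def make_db():
    """Constructed sample database standing in for the application's tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE leave_type (id INTEGER PRIMARY KEY, name TEXT, days INTEGER)")
    db.executemany("INSERT INTO leave_type VALUES (?, ?, ?)",
                   [(1, "Annual", 20), (2, "Sick", 10), (3, "Unpaid", 0)])
    # A second table the endpoint never intends to expose (constructed hash value).
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', '$2y$10$constructed.hash.value')")
    return db


def get_leave_type_vulnerable(db, raw_id):
    """Vulnerable pattern: the raw request parameter becomes part of the SQL text,
    so attacker-supplied operators and UNION clauses change the query."""
    sql = f"SELECT id, name, days FROM leave_type WHERE id = {raw_id}"
    return db.execute(sql).fetchall()


def get_leave_type_safe(db, raw_id):
    """Hardened pattern: reject anything that is not an integer, then bind the
    value as a query parameter so it can never alter the query structure."""
    try:
        type_id = int(raw_id)
    except (TypeError, ValueError):
        return []
    return db.execute("SELECT id, name, days FROM leave_type WHERE id = ?",
                      (type_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Tautology returns every row; UNION pulls rows out of an unrelated table.
    for payload in ("2", "2 OR 1=1", "0 UNION SELECT id, username, password_hash FROM users"):
        print(repr(payload))
        print("  vulnerable:", get_leave_type_vulnerable(db, payload))
        print("  safe      :", get_leave_type_safe(db, payload))
```

The integer check alone is not the defence; parameter binding is. The check simply lets the handler answer with an empty result instead of a database error for malformed input, which also avoids leaking engine error text to the client.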
CVE-2022-38298
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.
via "National Vulnerability Database".
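The two Appsmith entries (CVE-2022-38299 and CVE-2022-38298) and the SLiMS SSRF entry (CVE-2022-38292) describe the two ways an outbound-request feature reaches a cloud metadata endpoint: the user names a disallowed host directly, or names an allowed host that redirects there. The block below is an added example of the check a practitioner would put in front of such a feature; it is not code from Appsmith or SLiMS. It validates the scheme, the hostname and every address the name resolves to, and follows redirects by hand so each hop is re-validated. The DNS table and HTTP responses at the bottom are constructed stand-ins so the example runs offline; the metadata hostnames listed are the well-known ones, not an exhaustive set.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Well-known instance-metadata names (illustrative list, not exhaustive).
METADATA_HOSTS = {"metadata.google.internal", "metadata", "169.254.169.254", "fd00:ec2::254"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def resolve_default(host):
    """Resolve a hostname to the set of addresses it currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_forbidden_ip(text):
    """True for loopback, link-local (where 169.254.169.254 lives), private,
    reserved and similar addresses, including IPv4 hidden in IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_url(url, resolve=resolve_default):
    """Return (ok, reason) for one outbound URL."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower().rstrip(".") in METADATA_HOSTS:
        return False, f"metadata host {host!r}"
    try:
        addrs = {str(ipaddress.ip_address(host))}      # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = set(resolve(host))
        except OSError:
            return False, f"cannot resolve {host!r}"
    if not addrs:
        return False, f"no addresses for {host!r}"
    for addr in addrs:                                  # every answer must be acceptable
        if is_forbidden_ip(addr):
            return False, f"{host!r} resolves to forbidden address {addr}"
    return True, "ok"


def fetch_with_safe_redirects(url, fetch, resolve=resolve_default, max_hops=5):
    """Follow redirects by hand, re-validating every hop. `fetch(url)` must
    return (status, headers, body) and must NOT follow redirects itself."""
    for _ in range(max_hops + 1):
        ok, reason = check_url(url, resolve)
        if not ok:
            raise ValueError(f"blocked {url}: {reason}")
        status, headers, body = fetch(url)
        if status in REDIRECT_CODES and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return url, status, body
    raise ValueError("too many redirects")


# Constructed offline stand-ins for DNS and HTTP (not real hosts or responses).
_FAKE_DNS = {
    "example.com": {"93.184.216.34"},
    "ok.test": {"8.8.8.8"},
    "rebind.test": {"1.1.1.1", "10.0.0.5"},   # mixed answer hiding an internal host
}


def fake_resolve(host):
    return _FAKE_DNS.get(host, set())


def fake_fetch(url):
    # ok.test/start redirects to the AWS metadata endpoint, the Appsmith case.
    if url == "http://ok.test/start":
        return 302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""
    return 200, {}, b"hello"


def try_fetch(url, fetch=fake_fetch, resolve=fake_resolve):
    """Return the final HTTP status, or 'blocked' if any hop was rejected."""
    try:
        return fetch_with_safe_redirects(url, fetch, resolve)[1]
    except ValueError:
        return "blocked"


if __name__ == "__main__":
    for u in ("http://example.com/a", "http://ok.test/start", "http://rebind.test/",
              "http://[::ffff:169.254.169.254]/", "http://metadata.google.internal/"):
        print(u, "->", try_fetch(u))
```

One caveat the check cannot close on its own: the name is resolved once here and again by the HTTP client when it connects, so a DNS answer that changes between the two lookups (rebinding) slips past. The production form of this check pins the validated address by connecting to it directly and sending the original hostname in the Host header and TLS SNI, or runs the request through an egress proxy that enforces the same policy at connect time.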
New approach to ransomware encryption threatens to undermine cyber security strategies
Intermittent encryption is already in use with ransomware such as BlackCat and Qyick, and could mark a widespread shift in the threat landscape.
via "ITPro".
Iranian Ministry of Intelligence sanctioned after Albania cyber attack
Iran faces stiff criticism from Nato, the US, and the UK for "increasingly aggressive" cyber operations.
via "ITPro".
Google's Project Zero is frightening and reassuring in equal measure
This crack team of security researchers are doing work we should all be grateful for.
via "ITPro".
Numerous HP business laptops and desktops vulnerable to publicly disclosed security bugs
Researchers revealed the details of the six vulnerabilities at Black Hat in August, but many laptops, desktops, and workstations remain vulnerable.
via "ITPro".
A breakdown of iOS 16's security features
Digital passkeys, faster security updates and a 15-minute window to fix or recall iMessages and emails.
via "ITPro".
What is your digital footprint?
Your digital footprint is always growing, so we explore how you can keep it under control.
via "ITPro".
CISA warns against actively exploited Chrome and D-Link security flaws
The agency has made it imperative for all FCEB agencies to patch their systems before September 29.
via "ITPro".
CVE-2022-38616
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
via "National Vulnerability Database".