βΌ CVE-2022-40152 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40153 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40151 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40149 βΌ
π Read
via "National Vulnerability Database".
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3223 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40156 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40150 βΌ
π Read
via "National Vulnerability Database".
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40155 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
π Packet Fence 12.0.0 π
π Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 12.0.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Friday Five 9/16 π
π Read
via "".
Twitterβs security scandal going from bad to worse and malware spreading through YouTube made headlines this week. Read about these stories and more in this weekβs Friday Five!
π Read
via "".
ποΈ Uber hack linked to hardcoded secrets spotted in powershell script ποΈ
π Read
via "The Daily Swig".
Social engineering attack compromises internal networks and Uberβs bug bounty reportsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Uber hack linked to hardcoded secrets spotted in PowerShell script
Social engineering attack compromises internal networks and Uberβs bug bounty reports
β UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you β
π Read
via "Naked Security".
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"π Read
via "Naked Security".
Naked Security
UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you
Uber is all over the news for a widely-publicised data breach. We help you answer the question, βHow do I stop this happening to me?β
ποΈ NETGEAR resolves router vulnerabilities in bundled gaming component ποΈ
π Read
via "The Daily Swig".
Silicon Valley vendor tackles command injection and MitM-to-RCE issuesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NETGEAR resolves router vulnerabilities in bundled gaming component
Silicon Valley vendor tackles command injection and MitM-to-RCE issues
βΌ CVE-2022-38828 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgiπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37250 βΌ
π Read
via "National Vulnerability Database".
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38833 βΌ
π Read
via "National Vulnerability Database".
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-38846 βΌ
π Read
via "National Vulnerability Database".
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38843 βΌ
π Read
via "National Vulnerability Database".
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38823 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38808 βΌ
π Read
via "National Vulnerability Database".
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38827 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgiπ Read
via "National Vulnerability Database".