βΌ CVE-2022-38843 βΌ
π Read
via "National Vulnerability Database".
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38823 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38808 βΌ
π Read
via "National Vulnerability Database".
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38827 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgiπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3176 βΌ
π Read
via "National Vulnerability Database".
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659π Read
via "National Vulnerability Database".
βΌ CVE-2021-42949 βΌ
π Read
via "National Vulnerability Database".
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38844 βΌ
π Read
via "National Vulnerability Database".
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38845 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38831 βΌ
π Read
via "National Vulnerability Database".
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlListπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38829 βΌ
π Read
via "National Vulnerability Database".
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38826 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38830 βΌ
π Read
via "National Vulnerability Database".
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38832 βΌ
π Read
via "National Vulnerability Database".
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.π Read
via "National Vulnerability Database".
βοΈ Botched Crypto Mugging Lands Three U.K. Men in Jail βοΈ
π Read
via "Krebs on Security".
Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies. π Read
via "Krebs on Security".
Krebs on Security
Botched Crypto Mugging Lands Three U.K. Men in Jail
Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, andβ¦
βΌ CVE-2022-35193 βΌ
π Read
via "National Vulnerability Database".
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40337 βΌ
π Read
via "National Vulnerability Database".
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38878 βΌ
π Read
via "National Vulnerability Database".
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42597 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3225 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38409 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42948 βΌ
π Read
via "National Vulnerability Database".
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.π Read
via "National Vulnerability Database".