βΌ CVE-2021-42949 βΌ
π Read
via "National Vulnerability Database".
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38844 βΌ
π Read
via "National Vulnerability Database".
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38845 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38831 βΌ
π Read
via "National Vulnerability Database".
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlListπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38829 βΌ
π Read
via "National Vulnerability Database".
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38826 βΌ
π Read
via "National Vulnerability Database".
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38830 βΌ
π Read
via "National Vulnerability Database".
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38832 βΌ
π Read
via "National Vulnerability Database".
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.π Read
via "National Vulnerability Database".
βοΈ Botched Crypto Mugging Lands Three U.K. Men in Jail βοΈ
π Read
via "Krebs on Security".
Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies. π Read
via "Krebs on Security".
Krebs on Security
Botched Crypto Mugging Lands Three U.K. Men in Jail
Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, andβ¦
βΌ CVE-2022-35193 βΌ
π Read
via "National Vulnerability Database".
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40337 βΌ
π Read
via "National Vulnerability Database".
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38878 βΌ
π Read
via "National Vulnerability Database".
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42597 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3225 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38409 βΌ
π Read
via "National Vulnerability Database".
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42948 βΌ
π Read
via "National Vulnerability Database".
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35195 βΌ
π Read
via "National Vulnerability Database".
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38412 βΌ
π Read
via "National Vulnerability Database".
Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37775 βΌ
π Read
via "National Vulnerability Database".
Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38877 βΌ
π Read
via "National Vulnerability Database".
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37248 βΌ
π Read
via "National Vulnerability Database".
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.π Read
via "National Vulnerability Database".