βΌ CVE-2022-37209 βΌ
π Read
via "National Vulnerability Database".
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3324 βΌ
π Read
via "National Vulnerability Database".
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40199 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41604 βΌ
π Read
via "National Vulnerability Database".
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41571 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40878 βΌ
π Read
via "National Vulnerability Database".
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2022-40352 βΌ
π Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41570 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40353 βΌ
π Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40817 βΌ
π Read
via "National Vulnerability Database".
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31367 βΌ
π Read
via "National Vulnerability Database".
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40816 βΌ
π Read
via "National Vulnerability Database".
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40354 βΌ
π Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40877 βΌ
π Read
via "National Vulnerability Database".
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the Γ’β¬ΛidΓ’β¬β’ parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23006 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37193 βΌ
π Read
via "National Vulnerability Database".
Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.π Read
via "National Vulnerability Database".
π’ Infosec Partners announces new XZERO Early Warning System π’
π Read
via "ITPro".
New cyberattack detection service serves up real-time information on suspect activity and advance notice of imminent security incidentsπ Read
via "ITPro".
IT PRO
Infosec Partners announces new XZERO Early Warning System | IT PRO
New cyberattack detection service serves up real-time information on suspect activity and advance notice of imminent security incidents
π’ FARGO ransomware targets vulnerable Microsoft SQL servers in new wave of attacks π’
π Read
via "ITPro".
Victims who don't pay the ransom risk having their stolen files exposed on the threat actor's Telegram channelπ Read
via "ITPro".
ITPro
FARGO ransomware targets vulnerable Microsoft SQL servers in new wave of attacks
Victims who don't pay the ransom risk having their stolen files exposed on the threat actor's Telegram channel
π’ Australia looks to amend privacy rules following Optus data breach π’
π Read
via "ITPro".
The breach is currently being investigated by the Australian Federal Policeπ Read
via "ITPro".
IT PRO
Australia looks to amend privacy rules following Optus data breach | IT PRO
The breach is currently being investigated by the Australian Federal Police
π’ Vectra appoints Nuvias Group as sole UK distributor π’
π Read
via "ITPro".
The AI-based threat detection and response provider will leverage Nuviasβ 1,600-strong UK partner networkπ Read
via "ITPro".
IT PRO
Vectra appoints Nuvias Group as sole UK distributor | IT PRO
The AI-based threat detection and response provider will leverage Nuviasβ 1,600-strong UK partner network
π’ CIO Priorities: 2020 vs 2023 π’
π Read
via "ITPro".
Zero Trust, SaaS Security, and its impact on SD-WAN being a priorityπ Read
via "ITPro".
IT PRO
CIO Priorities: 2020 vs 2023
Zero Trust, SaaS Security, and its impact on SD-WAN being a priority