‼ CVE-2022-3421 ‼
📖 Read
via "National Vulnerability Database".
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-3368 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40605 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38743 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42147 ‼
📖 Read
via "National Vulnerability Database".
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41139 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3382 ‼
📖 Read
via "National Vulnerability Database".
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3517 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42143 ‼
📖 Read
via "National Vulnerability Database".
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41431 ‼
📖 Read
via "National Vulnerability Database".
xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40606 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42149 ‼
📖 Read
via "National Vulnerability Database".
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3552 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42142 ‼
📖 Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.📖 Read
via "National Vulnerability Database".
📢 IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota 📢
📖 Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes📖 Read
via "ITPro".
IT PRO
IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota
Catch up on the biggest headlines of the week in just two minutes
📢 Nvidia's new RTX 4090 is a powerful password-cracking tool 📢
📖 Read
via "ITPro".
Hackers using an array of the consumer-grade GPU could see brute force timings halve📖 Read
via "ITPro".
ITPro
Nvidia's new RTX 4090 is a powerful password-cracking tool
Hackers using an array of the consumer-grade GPU could see brute force timings halve
📢 What is the Data Protection Act 2018? 📢
📖 Read
via "ITPro".
A look at the UK's Data Protection Act and how GDPR fits into the puzzle📖 Read
via "ITPro".
IT PRO
What is the Data Protection Act 2018? | IT PRO
A look at the UK's Data Protection Act and how GDPR fits into the puzzle
📢 Microsoft warns of 'Prestige' ransomware targeting business in Ukraine, Poland 📢
📖 Read
via "ITPro".
The new strain appears to be operating independently of all known hacking groups currently in the region📖 Read
via "ITPro".
ITPro
Microsoft warns of 'Prestige' ransomware targeting business in Ukraine, Poland
The new strain appears to be operating independently of all known hacking groups currently in the region
‼ CVE-2020-8973 ‼
📖 Read
via "National Vulnerability Database".
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3569 ‼
📖 Read
via "National Vulnerability Database".
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8976 ‼
📖 Read
via "National Vulnerability Database".
The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.📖 Read
via "National Vulnerability Database".