‼ CVE-2022-42147 ‼
📖 Read
via "National Vulnerability Database".
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41139 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3382 ‼
📖 Read
via "National Vulnerability Database".
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3517 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42143 ‼
📖 Read
via "National Vulnerability Database".
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41431 ‼
📖 Read
via "National Vulnerability Database".
xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40606 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42149 ‼
📖 Read
via "National Vulnerability Database".
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3552 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42142 ‼
📖 Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.📖 Read
via "National Vulnerability Database".
📢 IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota 📢
📖 Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes📖 Read
via "ITPro".
IT PRO
IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota
Catch up on the biggest headlines of the week in just two minutes
📢 Nvidia's new RTX 4090 is a powerful password-cracking tool 📢
📖 Read
via "ITPro".
Hackers using an array of the consumer-grade GPU could see brute force timings halve📖 Read
via "ITPro".
ITPro
Nvidia's new RTX 4090 is a powerful password-cracking tool
Hackers using an array of the consumer-grade GPU could see brute force timings halve
📢 What is the Data Protection Act 2018? 📢
📖 Read
via "ITPro".
A look at the UK's Data Protection Act and how GDPR fits into the puzzle📖 Read
via "ITPro".
IT PRO
What is the Data Protection Act 2018? | IT PRO
A look at the UK's Data Protection Act and how GDPR fits into the puzzle
📢 Microsoft warns of 'Prestige' ransomware targeting business in Ukraine, Poland 📢
📖 Read
via "ITPro".
The new strain appears to be operating independently of all known hacking groups currently in the region📖 Read
via "ITPro".
ITPro
Microsoft warns of 'Prestige' ransomware targeting business in Ukraine, Poland
The new strain appears to be operating independently of all known hacking groups currently in the region
‼ CVE-2020-8973 ‼
📖 Read
via "National Vulnerability Database".
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3569 ‼
📖 Read
via "National Vulnerability Database".
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8976 ‼
📖 Read
via "National Vulnerability Database".
The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8974 ‼
📖 Read
via "National Vulnerability Database".
In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8975 ‼
📖 Read
via "National Vulnerability Database".
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system.📖 Read
via "National Vulnerability Database".
👏1
‼ CVE-2022-3158 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39058 ‼
📖 Read
via "National Vulnerability Database".
RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.📖 Read
via "National Vulnerability Database".