🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-42143 ‼

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.

via "National Vulnerability Database".
‼ CVE-2022-41431 ‼

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

via "National Vulnerability Database".
‼ CVE-2022-40606 ‼

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.

via "National Vulnerability Database".
‼ CVE-2022-42149 ‼

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.

via "National Vulnerability Database".
‼ CVE-2022-3552 ‼

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

via "National Vulnerability Database".
‼ CVE-2022-42142 ‼

Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.

via "National Vulnerability Database".
📢 IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota 📢

Catch up on the biggest headlines of the week in just two minutes

via "ITPro".
📢 Nvidia's new RTX 4090 is a powerful password-cracking tool 📢

Hackers using an array of the consumer-grade GPUs could see brute-force timings halve

via "ITPro".
📢 What is the Data Protection Act 2018? 📢

A look at the UK's Data Protection Act and how GDPR fits into the puzzle

via "ITPro".
📢 Microsoft warns of 'Prestige' ransomware targeting businesses in Ukraine, Poland 📢

The new strain appears to be operating independently of all known hacking groups currently in the region

via "ITPro".
‼ CVE-2020-8973 ‼

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.

via "National Vulnerability Database".
‼ CVE-2022-3569 ‼

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

via "National Vulnerability Database".
‼ CVE-2020-8976 ‼

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and trigger the malicious request.

via "National Vulnerability Database".
‼ CVE-2020-8974 ‼

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.

via "National Vulnerability Database".
‼ CVE-2020-8975 ‼

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system.

via "National Vulnerability Database".
πŸ‘1
β€Ό CVE-2022-3158 β€Ό

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.

via "National Vulnerability Database".
‼ CVE-2022-39058 ‼

RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

via "National Vulnerability Database".
‼ CVE-2022-39055 ‼

RAVA certificate validation system has inadequate filtering for a URL parameter. An unauthenticated remote attacker can perform an SSRF attack to discover the internal network topology based on the query response.

via "National Vulnerability Database".
‼ CVE-2022-39056 ‼

RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify and delete the database.

via "National Vulnerability Database".
‼ CVE-2022-39057 ‼

RAVA certificate validation system has insufficient filtering for a special parameter of a web page input field. A remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system commands and disrupt service.

via "National Vulnerability Database".
🕴 Mastercard To Bring Crypto Trading Capabilities To Banks 🕴

New Crypto Source program extends Mastercard’s safe, secure, and trusted services.

via "Dark Reading".