βΌ CVE-2022-2508 βΌ
π Read
via "National Vulnerability Database".
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2782 βΌ
π Read
via "National Vulnerability Database".
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.π Read
via "National Vulnerability Database".
π1
π Wireshark Analyzer 4.0.1 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 4.0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GNUnet P2P Framework 0.18.0 π
π Read
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read
via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.18.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ GitHub patches bug that could allow access to another userβs repo ποΈ
π Read
via "The Daily Swig".
Renaming accounts opened the door to hijackingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitHub patches bug that could allow access to another userβs repo
Renaming accounts opened the door to hijacking
βΌ CVE-2022-2809 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36182 βΌ
π Read
via "National Vulnerability Database".
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3409 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42992 βΌ
π Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.π Read
via "National Vulnerability Database".
π2
β Online ticketing company βSeeβ pwned for 2.5 years by attackers β
π Read
via "Naked Security".
Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1
βΌ CVE-2022-39330 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42991 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38744 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39364 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42993 βΌ
π Read
via "National Vulnerability Database".
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39329 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39365 βΌ
π Read
via "National Vulnerability Database".
Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually.π Read
via "National Vulnerability Database".
β S3 Ep106: Facial recognition without consent β should it be banned? β
π Read
via "Naked Security".
Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!π Read
via "Naked Security".
Naked Security
S3 Ep106: Facial recognition without consent β should it be banned?
Latest episode β listen (or read) now. Teachable moments for X-Ops professionals!
βΌ CVE-2022-40184 βΌ
π Read
via "National Vulnerability Database".
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24670 βΌ
π Read
via "National Vulnerability Database".
An attacker can use the unrestricted LDAP queries to determine configuration entriesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-41996 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.π Read
via "National Vulnerability Database".