🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2022-44020

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

📖 Read

via "National Vulnerability Database".
CVE-2022-44022

PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.

📖 Read

via "National Vulnerability Database".
CVE-2022-44023

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response timings for authentication attempts.

📖 Read

via "National Vulnerability Database".
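The two PwnDoc entries above describe the same flaw from two angles: a login that returns early for an unknown name (44022) or a disabled account (44023) skips the expensive password check, so those failures come back faster than a wrong password for a live account. The script below is an added example, not PwnDoc code (PwnDoc is a Node application; this shows the pattern in PHP). The user store, the passwords and the bcrypt cost are constructed; the one real requirement is that the dummy hash uses the same cost as the stored ones.

```php
<?php
// Added example (not PwnDoc code): why a login that short-circuits on
// "no such user" or "account disabled" leaks account state through timing,
// and the constant-work fix. User store and passwords are constructed.

const COST = 10;   // assumed bcrypt cost; the dummy hash MUST use the same cost

// Constructed store: one enabled account and one disabled account.
$users = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => COST]), 'enabled' => true],
    'bob'   => ['hash' => password_hash('battery staple', PASSWORD_BCRYPT, ['cost' => COST]), 'enabled' => false],
];

// Vulnerable shape: unknown and disabled names return before the expensive
// bcrypt verify runs, so those failures are measurably faster than a wrong
// password for an enabled user.
function loginLeaky(array $users, string $name, string $pw): bool {
    if (!isset($users[$name])) {
        return false;                       // fast path, no hashing
    }
    if (!$users[$name]['enabled']) {
        return false;                       // fast path again
    }
    return password_verify($pw, $users[$name]['hash']);
}

// Hardened: always run password_verify against a hash of the same cost
// (a dummy one when the user is unknown) and fold the existence and
// enabled checks into the final result, so every failure does the same
// work and the caller returns one generic error message.
$dummyHash = password_hash(bin2hex(random_bytes(32)), PASSWORD_BCRYPT, ['cost' => COST]);

function loginConstantWork(array $users, string $name, string $pw, string $dummyHash): bool {
    $known   = isset($users[$name]);
    $hash    = $known ? $users[$name]['hash'] : $dummyHash;
    $enabled = $known && $users[$name]['enabled'];
    $ok      = password_verify($pw, $hash);  // executed on every path
    return $known && $enabled && $ok;
}

// Average wall-clock time of a failed login in milliseconds.
function timeIt(callable $fn, int $n = 5): float {
    $t = hrtime(true);
    for ($i = 0; $i < $n; $i++) {
        $fn();
    }
    return (hrtime(true) - $t) / $n / 1e6;
}

$cases = [
    'leaky'         => fn(string $u) => loginLeaky($users, $u, 'wrong'),
    'constant-work' => fn(string $u) => loginConstantWork($users, $u, 'wrong', $dummyHash),
];
foreach ($cases as $label => $login) {
    printf("%-14s unknown: %6.1f ms   disabled: %6.1f ms   enabled: %6.1f ms\n",
        $label,
        timeIt(fn() => $login('nobody')),
        timeIt(fn() => $login('bob')),
        timeIt(fn() => $login('alice')));
}
```

Run it with `php timing.php`: the leaky row shows near-zero times for the unknown and disabled names against tens of milliseconds for the enabled one, while the constant-work row is flat. Over a network an attacker averages many requests to beat jitter, so rate limiting narrows the window but does not close it; the error message and status code must also be identical on every failing branch, or the fix moves the oracle rather than removing it.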
CVE-2022-3766

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

📖 Read

via "National Vulnerability Database".
CVE-2022-3765

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

📖 Read

via "National Vulnerability Database".
🗓️ SQLite patches 22-year-old code execution, denial of service vulnerability 🗓️

Dormant 32-bit-era coding flaw causes problems for 64-bit systems

📖 Read

via "The Daily Swig".
CVE-2022-3772

A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
CVE-2022-3771

A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
CVE-2022-3770

A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.

📖 Read

via "National Vulnerability Database".
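Both easyii CMS (helpers/Upload.php) and Yunjing CMS (/index/user/upload_img.html) are listed for unrestricted upload: a file parameter that is stored under the name the client chose, in a location the web server will execute. The handler below is an added example, not code from either project; the directory paths, size limit and allowed types are assumptions.

```php
<?php
// Added example, not easyii or Yunjing CMS code. Shows the unchecked upload
// shape behind these two entries and a hardened handler. Directory paths,
// size limit and the allowed types are assumptions.

// Vulnerable shape (do not use): the client-supplied name decides both the
// extension and the location, so "shell.php" lands in a web-served
// directory and runs on the next request for it.
function storeUnchecked(array $f, string $webroot): string {
    $dest = $webroot . '/uploads/' . $f['name'];
    move_uploaded_file($f['tmp_name'], $dest);
    return $dest;
}

// Hardened: decide the type from file content, never from the name or the
// client's Content-Type; generate the stored name; keep the store outside
// the web root and serve files through a handler that sets Content-Type.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

// Returns [true, storedName] or [false, reason]. $clientName is deliberately
// used for nothing but the rejection message, to show it carries no weight.
function validateUpload(string $tmpPath, string $clientName): array {
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_UPLOAD_BYTES) {
        return [false, 'missing or too large'];
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);   // sniffs magic bytes
    if (!isset(ALLOWED_TYPES[$mime])) {
        return [false, "type $mime not allowed (client name was $clientName)"];
    }
    // The image decoder must agree with the sniffer. This catches mislabeled
    // files, not polyglots; the generated extension and the non-executable
    // location below are what actually neutralise those.
    $info = @getimagesize($tmpPath);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        return [false, 'not a decodable image'];
    }
    return [true, bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime]];
}

function storeChecked(array $f, string $storeDir): ?string {
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    [$ok, $result] = validateUpload($f['tmp_name'], $f['name']);
    if (!$ok) {
        return null;
    }
    $dest = $storeDir . '/' . $result;          // $storeDir is outside the web root
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);                          // never executable
    return $dest;
}

// Offline check with constructed files: a 1x1 PNG, and a PHP payload
// submitted under an image-looking name.
$tmp = sys_get_temp_dir();
$png = $tmp . '/upload-ok.tmp';
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=='));
$php = $tmp . '/upload-bad.tmp';
file_put_contents($php, "<?php system(\$_GET['c']); ?>");

print_r(validateUpload($png, 'avatar.png'));
print_r(validateUpload($php, 'shell.php'));
print_r(validateUpload($php, 'shell.php.png'));
unlink($png);
unlink($php);
```

The PNG is accepted under a random name with a `.png` extension; the PHP payload is rejected on content whatever it is called. When testing a real target for this class of bug, the checks to try are exactly the ones this handler closes: a `.php` (or `.phtml`, `.phar`) name, a double extension, a forged `Content-Type`, and a valid image header with PHP appended.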
📢 IT Pro News: Medibank cyber attack, Microsoft record cloud revenue, See Tickets data breach 📢

Catch up on the biggest headlines of the week in just two minutes

📖 Read

via "ITPro".
📢 UK police fails ethical tests with "unlawful" facial recognition deployments 📢

A University of Cambridge team audited UK police use of the tech and found frequent ethical and legal shortcomings

📖 Read

via "ITPro".
📢 Real-time deepfakes are becoming a serious threat 📢

Video calls between leading politicians and the deepfaked mayor of Kyiv, Vitali Klitschko, will raise new trust issues

📖 Read

via "ITPro".
📢 Microsoft: Raspberry Robin worm key facilitator of LockBit, Cl0p ransomware 📢

The worm was first reported in May 2022 and has evolved into one of the largest malware distribution platforms currently active

📖 Read

via "ITPro".
Psychotherapy extortion suspect: arrest warrant issued

Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

📖 Read

via "Naked Security".
CVE-2022-3360

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.

📖 Read

via "National Vulnerability Database".
CVE-2022-2190

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

📖 Read

via "National Vulnerability Database".
CVE-2022-3380

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

📖 Read

via "National Vulnerability Database".
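The LearnPress and Customizer Export/Import entries are the same bug class: `unserialize()` over bytes an attacker controls, which instantiates whatever class the payload names and runs its magic methods. The LearnPress note that an attacker "must have knowledge of the site secrets" to produce a valid `wp_hash()` value is the one thing standing between the endpoint and RCE. The script below is an added example, not code from either plugin; the gadget class, the secret and the MAC layout are constructed to make the mechanism visible.

```php
<?php
// Added example, not LearnPress or Customizer Export/Import code. Shows why
// unserialize() on attacker-controlled bytes is code execution when a gadget
// exists, and two mitigations. The gadget class, secret and MAC layout are
// constructed for illustration.

$fired = [];

// A gadget is any loadable class whose magic methods act on properties the
// attacker controls. Real chains live in frameworks and plugins; this one
// only records what it would have done.
class TempFileCleanup {
    public string $path;
    public function __destruct() {
        global $fired;
        $fired[] = "would unlink {$this->path}";   // a real gadget calls unlink()
    }
}

// The attacker never needs the class: the payload is plain text.
$payload = 'O:15:"TempFileCleanup":1:{s:4:"path";s:14:"/etc/important";}';

// Vulnerable shape: whatever class the payload names gets instantiated.
function importVulnerable(string $blob) {
    return unserialize($blob);
}

// Mitigation 1: refuse objects. Classes in the payload come back as
// __PHP_Incomplete_Class, whose magic methods are never invoked.
// (For new code, prefer JSON and drop serialize() altogether.)
function importNoObjects(string $blob) {
    return unserialize($blob, ['allowed_classes' => false]);
}

// Mitigation 2, the role wp_hash() plays in the LearnPress entry: accept a
// blob only with a valid keyed MAC, so only a holder of the site secret can
// supply one. Still allow-list classes; the MAC is not a substitute.
function importAuthenticated(string $blob, string $mac, string $secret) {
    $expected = hash_hmac('sha256', $blob, $secret);
    if (!hash_equals($expected, $mac)) {
        return null;                                          // forged or tampered
    }
    return unserialize($blob, ['allowed_classes' => ['ExportBundle']]); // assumed legitimate class
}

$obj = importVulnerable($payload);
unset($obj);                                   // __destruct runs now
echo "after vulnerable import: ", count($fired), " gadget call(s)\n";

$v = importNoObjects($payload);
echo "hardened import returned ", get_class($v), "\n";
unset($v);
echo "after hardened import:   ", count($fired), " gadget call(s)\n";

$secret = bin2hex(random_bytes(32));          // stand-in for the site secret
var_dump(importAuthenticated($payload, 'forged', $secret));
$r = importAuthenticated($payload, hash_hmac('sha256', $payload, $secret), $secret);
echo "valid MAC but class not allow-listed: ", get_class($r), "\n";
```

The first import fires the gadget once; the `allowed_classes => false` import leaves the counter where it was, and the authenticated import rejects the forged MAC before `unserialize()` is ever reached. The Customizer Export/Import case is the admin-imports-a-file variant of the same thing: the MAC does not help there because the admin is the one supplying the file, so the allow-list (or switching the export format to JSON) is the fix that matters.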
CVE-2022-3774

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

📖 Read

via "National Vulnerability Database".
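The Train Scheduler entry is an insecure direct object reference: `?action=delete&id=N` removes whichever row `N` names, with nothing tying the id to the caller. The handler below is an added example, not the application's code; the table, columns and session handling are assumptions.

```php
<?php
// Added example, not the Train Scheduler App's code. The table, columns and
// session handling are assumptions; the point is that the id from the
// request must be scoped to what the caller is allowed to touch.

// Vulnerable shape: the id in the query string is the only input to the
// delete, so any visitor can remove any row by guessing it. Concatenating
// it also makes the query injectable.
function deleteByIdOnly(PDO $db, array $get): void {
    $db->exec('DELETE FROM schedules WHERE id = ' . $get['id']);
}

// Hardened: bind the id, and scope the DELETE to rows the authenticated
// caller owns (or gate it on an admin role). Returning false for both
// "no such row" and "not yours" keeps the endpoint from becoming an id oracle.
function deleteOwned(PDO $db, int $id, int $userId): bool {
    $st = $db->prepare('DELETE FROM schedules WHERE id = :id AND owner_id = :owner');
    $st->execute([':id' => $id, ':owner' => $userId]);
    return $st->rowCount() === 1;
}

// Offline check against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE schedules (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, train TEXT)');
$db->exec("INSERT INTO schedules VALUES (1, 10, 'IC 101'), (2, 20, 'RE 7')");

var_dump(deleteOwned($db, 2, 10));   // user 10 targets user 20's row
var_dump(deleteOwned($db, 1, 10));   // user 10 deletes their own row
echo $db->query('SELECT COUNT(*) FROM schedules')->fetchColumn(), " row(s) left\n";
```

In the real handler the id comes from the request (`(int) $_GET['id']`) and the owner from the server-side session, never from a parameter. A delete triggered by a GET parameter is also reachable cross-site, so the same endpoint should accept the action only over POST with a per-session token, which is the class of problem the easyii logout entry above falls into.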
CVE-2022-3440

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape a URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting

📖 Read

via "National Vulnerability Database".
CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.

📖 Read

via "National Vulnerability Database".
CVE-2022-3408

The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

📖 Read

via "National Vulnerability Database".
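Four of the WordPress entries above (Gallery Plugin, Rock Convert, Newspaper, WP Word Count) are the same mistake in one output context: a value is written into an HTML attribute without escaping for that context. The Gallery case is reflected from `$_SERVER['REQUEST_URI']`, the WP Word Count case is a stored setting. The script below is an added example, not code from any of those plugins or the theme; the markup and parameter names are constructed.

```php
<?php
// Added example, not code from the Gallery, Rock Convert or WP Word Count
// plugins or the Newspaper theme. Shows the attribute-context mistake behind
// these reflected XSS entries and the stored-settings case, with the fix.
// Markup and parameter names are constructed.

// Vulnerable shape: request data dropped into a double-quoted attribute.
function formVulnerable(string $requestUri): string {
    return '<form action="' . $requestUri . '" method="post">';
}

// Hardened: escape for the exact output context. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead
// of returning an empty string. WordPress equivalents: esc_attr() for
// attributes, esc_url() for href/src/action (which also rejects javascript: URLs).
function attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}
function formHardened(string $requestUri): string {
    return '<form action="' . attr($requestUri) . '" method="post">';
}

// Constructed inputs. Current browsers percent-encode a double quote in the
// request line (second value), which is why the Gallery entry is limited to
// old browsers; the first value is what an old client or a proxy can send.
$raw     = '/gallery/?page=1" onfocus="alert(1)" autofocus="';
$encoded = '/gallery/?page=1%22%20onfocus=%22alert(1)%22%20autofocus=%22';

echo formVulnerable($raw), "\n";     // the attribute is closed early and new ones injected
echo formHardened($raw), "\n";       // the quote is escaped and stays inside the attribute
echo formHardened($encoded), "\n";   // already inert; escaping leaves it unchanged

// Stored case (WP Word Count shape): a setting saved by an admin is still
// escaped on output. unfiltered_html is a capability check on what a user
// may save; it is not an escaping layer, so it does not protect output.
function renderSetting(array $opts, string $key): string {
    return '<input name="' . attr($key) . '" value="' . attr($opts[$key] ?? '') . '">';
}
echo renderSetting(['label' => '"><img src=x onerror=alert(1)>'], 'label'), "\n";
```

Two things to take from the output. Escaping is per context: `attr()` is right for a quoted attribute, but a value that lands in a URL attribute, a `<script>` block or an unquoted attribute needs a different encoder, which is why WordPress ships `esc_url()`, `esc_js()` and friends rather than one function. And the reflected and stored cases share the fix: sanitise on input if you like, but always escape at the point of output, because the input path (a REST call, an import, an admin settings form) is not something the template can rely on.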