βΌ CVE-2022-42318 βΌ
π Read
via "National Vulnerability Database".
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transactionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-42325 βΌ
π Read
via "National Vulnerability Database".
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42313 βΌ
π Read
via "National Vulnerability Database".
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transactionπ Read
via "National Vulnerability Database".
β SHA-3 code execution bug patched in PHP β check your version! β
π Read
via "Naked Security".
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!π Read
via "Naked Security".
Naked Security
SHA-3 code execution bug patched in PHP β check your version!
As everyone waits for news of a bug in OpenSSL, hereβs a reminder that other cryptographic code in your life may also need patching!
ποΈ Bug Bounty Radar // The latest bug bounty programs for November 2022 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for November 2022
New web targets for the discerning hacker
βΌ CVE-2022-43082 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43221 βΌ
π Read
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3790 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Flipbook Plugin and classified as problematic. Affected by this issue is some unknown functionality of the file post.php of the component Edit Post Handler. The manipulation of the argument Shortcode leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212612.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43127 βΌ
π Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43076 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43223 βΌ
π Read
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43086 βΌ
π Read
via "National Vulnerability Database".
Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43079 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43222 βΌ
π Read
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43084 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3789 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43083 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43126 βΌ
π Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3791 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PDF & Print Plugin. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212613 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43124 βΌ
π Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43078 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.π Read
via "National Vulnerability Database".