🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43319 ‼

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.

📖 Read

via "National Vulnerability Database".
324 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43352 ‼

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote.

📖 Read

via "National Vulnerability Database".
299 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-44049 ‼

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
267 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-44052 ‼

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
255 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-42990 ‼

Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.

📖 Read

via "National Vulnerability Database".
243 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-44050 ‼

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43304 ‼

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
236 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38163 ‼

WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5).

📖 Read

via "National Vulnerability Database".
233 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-44048 ‼

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
228 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3878 ‼

A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.

📖 Read

via "National Vulnerability Database".
234 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42205 ‼

ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43351 ‼

Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43318 ‼

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.

📖 Read

via "National Vulnerability Database".
228 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43303 ‼

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
238 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-44054 ‼

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
271 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43350 ‼

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.

📖 Read

via "National Vulnerability Database".
287 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43305 ‼

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
355 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-44053 ‼

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0.

📖 Read

via "National Vulnerability Database".
400 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-43317 ‼

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

📖 Read

via "National Vulnerability Database".
463 views
🛡 Cybersecurity & Privacy 🛡 - News
⚠ Public URL scanning tools – when security leads to insecurity ⚠

Never make your users cry/By how you use an API

📖 Read

via "Naked Security".
Naked Security
Public URL scanning tools – when security leads to insecurity
Never make your users cry/By how you use an API
511 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3872 ‼

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

📖 Read

via "National Vulnerability Database".
575 views