β Silk Road drugs market hacker pleads guilty, faces 20 years inside β
π Read
via "Naked Security".
Jurisprudence isn't like arithmetic... two negatives never make a positive!π Read
via "Naked Security".
Naked Security
Silk Road drugs market hacker pleads guilty, faces 20 years inside
Jurisprudence isnβt like arithmeticβ¦ two negatives never make a positive!
βΌ CVE-2022-44556 βΌ
π Read
via "National Vulnerability Database".
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40303 βΌ
π Read
via "National Vulnerability Database".
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39069 βΌ
π Read
via "National Vulnerability Database".
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.π Read
via "National Vulnerability Database".
π’ LockBit repeats 'PR stunt' as Thales ransomware investigation reveals no breach π’
π Read
via "ITPro".
The ransomware group threatened to leak stolen data on the dark web, but Thales denies any attack occurredπ Read
via "ITPro".
ITPro
LockBit repeats 'PR stunt' as Thales ransomware investigation reveals no breach
The ransomware group threatened to leak stolen data on the dark web, but Thales denies any attack occurred
π’ Microsoft says βitβs just too difficultβ to effectively disrupt ransomware π’
π Read
via "ITPro".
The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economyπ Read
via "ITPro".
ITPro
Microsoft says βitβs just too difficultβ to effectively disrupt ransomware
The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
π’ Continental 'held to ransom', refuses to confirm if LockBit has stolen data π’
π Read
via "ITPro".
The ransomware group is threatening to leak the data it has on the German manufacturer tonight if a ransom isn't paidπ Read
via "ITPro".
ITPro
Continental 'held to ransom', refuses to confirm if LockBit has stolen data
The ransomware group is threatening to leak the data it has on the German manufacturer tonight if a ransom isn't paid
βΌ CVE-2022-41980 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44741 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40205 βΌ
π Read
via "National Vulnerability Database".
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42494 βΌ
π Read
via "National Vulnerability Database".
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40223 βΌ
π Read
via "National Vulnerability Database".
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43491 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30545 βΌ
π Read
via "National Vulnerability Database".
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39377 βΌ
π Read
via "National Vulnerability Database".
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40206 βΌ
π Read
via "National Vulnerability Database".
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27855 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33321 βΌ
π Read
via "National Vulnerability Database".
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38137 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27914 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43481 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.π Read
via "National Vulnerability Database".