βΌ CVE-2022-23748 βΌ
π Read
via "National Vulnerability Database".
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36787 βΌ
π Read
via "National Vulnerability Database".
Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41775 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Networkπ Read
via "National Vulnerability Database".
βΌ CVE-2022-28766 βΌ
π Read
via "National Vulnerability Database".
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20460 βΌ
π Read
via "National Vulnerability Database".
In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239557547References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36905 βΌ
π Read
via "National Vulnerability Database".
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43332 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43447 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Networkπ Read
via "National Vulnerability Database".
βΌ CVE-2022-41315 βΌ
π Read
via "National Vulnerability Database".
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28768 βΌ
π Read
via "National Vulnerability Database".
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41791 βΌ
π Read
via "National Vulnerability Database".
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45069 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44591 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43096 βΌ
π Read
via "National Vulnerability Database".
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39181 βΌ
π Read
via "National Vulnerability Database".
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43506 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Networkπ Read
via "National Vulnerability Database".
βΌ CVE-2022-42533 βΌ
π Read
via "National Vulnerability Database".
In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/Aπ Read
via "National Vulnerability Database".
ποΈ Ibexa DXP patched for GraphQL password hash leak vulnerability ποΈ
π Read
via "The Daily Swig".
Organizations advised to mandate password resets out of cautionπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ibexa DXP patched for GraphQL password hash leak vulnerability
Organizations advised to mandate password resets out of caution
π΄ The Next Generation of Supply Chain Attacks Is Here to Stay π΄
π Read
via "Dark Reading".
With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.π Read
via "Dark Reading".
Dark Reading
The Next Generation of Supply Chain Attacks Is Here to Stay
With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.
π΄ County of Tehama, Calif., Identifies and Addresses Data Security Incident π΄
π Read
via "Dark Reading".
The county reports unauthorized access to files in its Department of Social Services' systems between Nov. 18, 2021, and April 9. It has added enhanced alert and monitoring software and is offering complimentary credit monitoring and identity theft protection services to those whose personal information may have been compromised in the breach.π Read
via "Dark Reading".
Dark Reading
County of Tehama, Calif., Identifies and Addresses Data Security Incident
The county reports unauthorized access to files in its Department of Social Services' systems between Nov. 18, 2021, and April 9. It has added enhanced alert and monitoring software and is offering complimentary credit monitoring and identity theft protectionβ¦
β Black Friday and retail season β watch out for PayPal βmoney requestβ scams β
π Read
via "Naked Security".
Don't let a keen eye for bargains lead you into risky online behaviour...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1