‼ CVE-2022-44172 ‼
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
‼ CVE-2022-44830 ‼
via "National Vulnerability Database".
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.
‼ CVE-2022-38755 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
‼ CVE-2022-40746 ‼
via "National Vulnerability Database".
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
‼ CVE-2022-45422 ‼
via "National Vulnerability Database".
When LG SmartShare is installed, local privilege escalation is possible through a DLL hijacking attack. The LG ID is LVE-HOT-220005.
‼ CVE-2022-44178 ‼
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB.
‼ CVE-2022-44177 ‼
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.
‼ CVE-2022-44175 ‼
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
‼ CVE-2022-44176 ‼
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.
🕴 Name That Toon: Fall Cleanup 🕴
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 Investors Are Pouring Cash Into These 10 Cybersecurity Startups 🕴
via "Dark Reading".
Following the dollars reveals pen-test and intrusion-detection startups are the most attractive to investors right now, collectively getting more than $3 billion in funding.
🕴 Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight 🕴
via "Dark Reading".
Luna Moth is relying solely on call-back phishing, as well as legitimate tools, to steal data and extract ransoms from victims of all stripes in an expanding cyberattack effort.
🕴 Google Releases YARA Rules to Disrupt Cobalt Strike Abuse 🕴
via "Dark Reading".
The popular pen-testing tool is often cracked and repurposed by threat actors. Google now has a plan to address that.
🕴 Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA 🕴
via "Dark Reading".
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections.
‼ CVE-2022-3388 ‼
via "National Vulnerability Database".
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
‼ CVE-2022-4105 ‼
via "National Vulnerability Database".
A stored XSS in a kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
🕴 Identity Security Needs Humans and AI Working Hand in Hand 🕴
via "Dark Reading".
In the cybersecurity world, augmenting the human touch with artificial intelligence has produced extremely positive results.
‼ CVE-2022-42096 ‼
via "National Vulnerability Database".
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
‼ CVE-2022-43143 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.
‼ CVE-2022-30257 ‼
via "National Vulnerability Database".
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.
‼ CVE-2022-30258 ‼
via "National Vulnerability Database".
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.