‼ CVE-2020-23584 ‼
Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2, occurs when the attacker passes arbitrary commands with the IP address using " | " in the "PingTest" parameter of "/diag_tracert_admin.asp", which leads to command execution.
via "National Vulnerability Database".
‼ CVE-2022-38147 ‼
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
via "National Vulnerability Database".
‼ CVE-2020-23592 ‼
A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to reset the ONU to factory default through "/mgm_dev_reset.asp". Resetting to default leads to escalation of privileges by logging in with default credentials.
via "National Vulnerability Database".
‼ CVE-2020-23591 ‼
A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an attacker to upload arbitrary files through "/mgm_dev_upgrade.asp", which can be used to delete every file for denial of service (using 'rm -rf *.*' in the code), for a reverse connection (using an '.asp' webshell), or as a backdoor.
via "National Vulnerability Database".
‼ CVE-2022-37430 ‼
Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2).
via "National Vulnerability Database".
‼ CVE-2020-23588 ‼
A vulnerability in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through "/rmtacc.asp".
via "National Vulnerability Database".
‼ CVE-2022-40770 ‼
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
via "National Vulnerability Database".
‼ CVE-2022-36337 ‼
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
via "National Vulnerability Database".
‼ CVE-2022-34830 ‼
An Arm product family through 2022-06-29 has a TOCTOU race condition that allows a non-privileged user to make improper GPU processing operations to gain access to already freed memory.
via "National Vulnerability Database".
‼ CVE-2020-23586 ‼
A vulnerability found in OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028, allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.
via "National Vulnerability Database".
‼ CVE-2022-41446 ‼
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.
via "National Vulnerability Database".
‼ CVE-2022-38145 ‼
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view.
via "National Vulnerability Database".
‼ CVE-2022-35500 ‼
Amasty Blog 2.10.3 is vulnerable to cross-site scripting (XSS) via the leave comment functionality.
via "National Vulnerability Database".
‼ CVE-2022-42095 ‼
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
via "National Vulnerability Database".
‼ CVE-2022-45472 ‼
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
via "National Vulnerability Database".
‼ CVE-2021-46854 ‼
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
via "National Vulnerability Database".
‼ CVE-2022-4045 ‼
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
via "National Vulnerability Database".
‼ CVE-2022-4019 ‼
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.
via "National Vulnerability Database".
‼ CVE-2022-45462 ‼
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.
via "National Vulnerability Database".
‼ CVE-2022-4044 ‼
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.
via "National Vulnerability Database".
🕴 Where Are We Heading With Data Privacy Regulations? 🕴
New laws have made the current US privacy landscape increasingly complex.
via "Dark Reading".