‼ CVE-2022-38147 ‼
📖 Read
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23592 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23591 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37430 ‼
📖 Read
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23588 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ".📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40770 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36337 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34830 ‼
📖 Read
via "National Vulnerability Database".
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23586 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41446 ‼
📖 Read
via "National Vulnerability Database".
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38145 ‼
📖 Read
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35500 ‼
📖 Read
via "National Vulnerability Database".
Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42095 ‼
📖 Read
via "National Vulnerability Database".
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45472 ‼
📖 Read
via "National Vulnerability Database".
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46854 ‼
📖 Read
via "National Vulnerability Database".
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4045 ‼
📖 Read
via "National Vulnerability Database".
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4019 ‼
📖 Read
via "National Vulnerability Database".
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45462 ‼
📖 Read
via "National Vulnerability Database".
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-4044 ‼
📖 Read
via "National Vulnerability Database".
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.📖 Read
via "National Vulnerability Database".
🕴 Where Are We Heading With Data Privacy Regulations? 🕴
📖 Read
via "Dark Reading".
New laws have made the current US privacy landscape increasingly complex.📖 Read
via "Dark Reading".
Dark Reading
Where Are We Heading With Data Privacy Regulations?
New laws have made the current US privacy landscape increasingly complex.
🛠 Zeek 5.0.4 🛠
📖 Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 5.0.4 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers