🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
How to hack an unpatched Exchange server with rogue PowerShell code

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

📖 Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
423 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-42896

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

📖 Read

via "National Vulnerability Database".
355 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44250

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.

📖 Read

via "National Vulnerability Database".
299 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44278

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-42895

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

📖 Read

via "National Vulnerability Database".
264 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.

📖 Read

via "National Vulnerability Database".
256 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

📖 Read

via "National Vulnerability Database".
257 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

📖 Read

via "National Vulnerability Database".
248 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

📖 Read

via "National Vulnerability Database".
243 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

📖 Read

via "National Vulnerability Database".
👍2
239 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44139

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.

📖 Read

via "National Vulnerability Database".
235 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44256

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.

📖 Read

via "National Vulnerability Database".
235 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44253

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.

📖 Read

via "National Vulnerability Database".
233 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44280

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

📖 Read

via "National Vulnerability Database".
234 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

📖 Read

via "National Vulnerability Database".
238 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44252

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44259

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

📖 Read

via "National Vulnerability Database".
245 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44249

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.

📖 Read

via "National Vulnerability Database".
259 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44254

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44255

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

📖 Read

via "National Vulnerability Database".
284 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-44257

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.

📖 Read

via "National Vulnerability Database".
325 views