πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44139 β€Ό

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44256 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44253 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44280 β€Ό

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

πŸ“– Read

via "National Vulnerability Database".
234 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44258 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

πŸ“– Read

via "National Vulnerability Database".
238 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44252 β€Ό

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

πŸ“– Read

via "National Vulnerability Database".
231 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44259 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44249 β€Ό

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.

πŸ“– Read

via "National Vulnerability Database".
259 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44254 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.

πŸ“– Read

via "National Vulnerability Database".
275 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44255 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

πŸ“– Read

via "National Vulnerability Database".
284 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44257 β€Ό

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.

πŸ“– Read

via "National Vulnerability Database".
325 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack πŸ•΄

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.

πŸ“– Read

via "Dark Reading".
Dark Reading
Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.
365 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors πŸ•΄

The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.

πŸ“– Read

via "Dark Reading".
Dark Reading
Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors
The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.
385 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 'Patch Lag' Leaves Millions of Android Devices Vulnerable πŸ•΄

Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.

πŸ“– Read

via "Dark Reading".
Dark Reading
'Patch Lag' Leaves Millions of Android Devices Vulnerable
Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.
390 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ CryptoRom β€œpig butchering” scam sites seized, suspects arrested in US ⚠

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...

πŸ“– Read

via "Naked Security".
Naked Security
Multimillion dollar CryptoRom scam sites seized, suspects arrested in US
Five tips to keep yourself, and your friends and family, out of the clutches of β€œchopping block” scammers…
377 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35284 β€Ό

SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.

πŸ“– Read

via "National Vulnerability Database".
333 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41922 β€Ό

`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.

πŸ“– Read

via "National Vulnerability Database".
326 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23740 β€Ό

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.

πŸ“– Read

via "National Vulnerability Database".
312 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40772 β€Ό

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

πŸ“– Read

via "National Vulnerability Database".
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40304 β€Ό

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

πŸ“– Read

via "National Vulnerability Database".
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38113 β€Ό

This vulnerability discloses build and services versions in the server response header.

πŸ“– Read

via "National Vulnerability Database".
257 views