βΌ CVE-2022-44249 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44254 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44255 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44257 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.π Read
via "National Vulnerability Database".
π΄ Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack π΄
π Read
via "Dark Reading".
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.π Read
via "Dark Reading".
Dark Reading
Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.
π΄ Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors π΄
π Read
via "Dark Reading".
The infostealer Auroraβs low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.π Read
via "Dark Reading".
Dark Reading
Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors
The infostealer Auroraβs low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.
π΄ 'Patch Lag' Leaves Millions of Android Devices Vulnerable π΄
π Read
via "Dark Reading".
Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.π Read
via "Dark Reading".
Dark Reading
'Patch Lag' Leaves Millions of Android Devices Vulnerable
Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.
β CryptoRom βpig butcheringβ scam sites seized, suspects arrested in US β
π Read
via "Naked Security".
Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...π Read
via "Naked Security".
Naked Security
Multimillion dollar CryptoRom scam sites seized, suspects arrested in US
Five tips to keep yourself, and your friends and family, out of the clutches of βchopping blockβ scammersβ¦
βΌ CVE-2021-35284 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41922 βΌ
π Read
via "National Vulnerability Database".
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23740 βΌ
π Read
via "National Vulnerability Database".
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40772 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40304 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38113 βΌ
π Read
via "National Vulnerability Database".
This vulnerability discloses build and services versions in the server response header.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35246 βΌ
π Read
via "National Vulnerability Database".
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39833 βΌ
π Read
via "National Vulnerability Database".
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35501 βΌ
π Read
via "National Vulnerability Database".
Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creates post functionality and lower versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36111 βΌ
π Read
via "National Vulnerability Database".
immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40771 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2009-1142 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38115 βΌ
π Read
via "National Vulnerability Database".
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUTπ Read
via "National Vulnerability Database".