‼ CVE-2022-39833 ‼
📖 Read
via "National Vulnerability Database".
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35501 ‼
📖 Read
via "National Vulnerability Database".
Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creates post functionality and lower versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36111 ‼
📖 Read
via "National Vulnerability Database".
immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40771 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2009-1142 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38115 ‼
📖 Read
via "National Vulnerability Database".
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38114 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2009-1143 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).📖 Read
via "National Vulnerability Database".
🕴 Why Africa's Telecoms Must Actively Collaborate to Combat Fraud 🕴
📖 Read
via "Dark Reading".
Unique conditions contribute to outsized telecom fraud across the continent, but working together can bring solutions.📖 Read
via "Dark Reading".
Dark Reading
Why Africa's Telecoms Must Actively Collaborate to Combat Fraud
Unique conditions contribute to outsized telecom fraud across the continent, but working together can bring solutions.
🕴 How Development Teams Should Respond to Text4Shell 🕴
📖 Read
via "Dark Reading".
Yet another *4Shell exploit highlights the horror of strange visitors into enterprise environments. This Tech Tip focuses on what to do next.📖 Read
via "Dark Reading".
Dark Reading
How Development Teams Should Respond to Text4Shell
Yet another *4Shell exploit highlights the horror of strange visitors into enterprise environments. This Tech Tip focuses on what to do next.
‼ CVE-2022-44117 ‼
📖 Read
via "National Vulnerability Database".
Boa 0.94.14rc21 is vulnerable to SQL Injection via username.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44120 ‼
📖 Read
via "National Vulnerability Database".
dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45868 ‼
📖 Read
via "National Vulnerability Database".
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44789 ‼
📖 Read
via "National Vulnerability Database".
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.1 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41933 ‼
📖 Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the "Forgot your password" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It's also possible for administrators to set some properties for the migration: it's possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won't be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45276 ‼
📖 Read
via "National Vulnerability Database".
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45872 ‼
📖 Read
via "National Vulnerability Database".
iTerm2 before 3.4.18 mishandles a DECRQSS response.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44118 ‼
📖 Read
via "National Vulnerability Database".
dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43196 ‼
📖 Read
via "National Vulnerability Database".
dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45280 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41932 ‼
📖 Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
👍1