βΌ CVE-2022-40282 βΌ
π Read
via "National Vulnerability Database".
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45887 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4091 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36133 βΌ
π Read
via "National Vulnerability Database".
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.π Read
via "National Vulnerability Database".
ποΈ ConnectWise closes XSS vector for remote hijack scams ποΈ
π Read
via "The Daily Swig".
Researchers also applaud abandonment of customization feature abused by scammersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers
βΌ CVE-2022-4141 βΌ
π Read
via "National Vulnerability Database".
The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.π Read
via "National Vulnerability Database".
π΄ Slippery RansomExx Malware Moves to Rust, Evading VirusTotal π΄
π Read
via "Dark Reading".
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.π Read
via "Dark Reading".
Dark Reading
Slippery RansomExx Malware Moves to Rust, Evading VirusTotal
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.
β S3 Ep110: Spotlight on cyberthreats β an expert speaks [Audio + Text] β
π Read
via "Naked Security".
Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach usπ Read
via "Naked Security".
Naked Security
S3 Ep110: Spotlight on cyberthreats β an expert speaks [Audio + Text]
Latest episode β security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
βΌ CVE-2022-38767 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-45040 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45039 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-45037 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44411 βΌ
π Read
via "National Vulnerability Database".
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38377 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38166 βΌ
π Read
via "National Vulnerability Database".
In F?Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45038 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45036 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37720 βΌ
π Read
via "National Vulnerability Database".
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.π Read
via "National Vulnerability Database".
β Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown β
π Read
via "Naked Security".
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHINGπ Read
via "Naked Security".
Naked Security
Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown
Those numbers or names that pop up when a call comes up? Theyβre OK as a hint of whoβs calling, but THEY PROVE NOTHING
π1
βΌ CVE-2022-44858 βΌ
π Read
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45208 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.π Read
via "National Vulnerability Database".