π΄ Slippery RansomExx Malware Moves to Rust, Evading VirusTotal π΄
π Read
via "Dark Reading".
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.π Read
via "Dark Reading".
Dark Reading
Slippery RansomExx Malware Moves to Rust, Evading VirusTotal
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.
β S3 Ep110: Spotlight on cyberthreats β an expert speaks [Audio + Text] β
π Read
via "Naked Security".
Latest episode - security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach usπ Read
via "Naked Security".
Naked Security
S3 Ep110: Spotlight on cyberthreats β an expert speaks [Audio + Text]
Latest episode β security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
βΌ CVE-2022-38767 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-45040 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45039 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-45037 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44411 βΌ
π Read
via "National Vulnerability Database".
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38377 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38166 βΌ
π Read
via "National Vulnerability Database".
In F?Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45038 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45036 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37720 βΌ
π Read
via "National Vulnerability Database".
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.π Read
via "National Vulnerability Database".
β Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown β
π Read
via "Naked Security".
Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHINGπ Read
via "Naked Security".
Naked Security
Voice-scamming site βiSpoofβ seized, 100s arrested in massive crackdown
Those numbers or names that pop up when a call comes up? Theyβre OK as a hint of whoβs calling, but THEY PROVE NOTHING
π1
βΌ CVE-2022-44858 βΌ
π Read
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45208 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41705 βΌ
π Read
via "National Vulnerability Database".
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45210 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45206 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45476 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45207 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23044 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".