βΌ CVE-2022-45476 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45207 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23044 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38813 βΌ
π Read
via "National Vulnerability Database".
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45218 βΌ
π Read
via "National Vulnerability Database".
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41706 βΌ
π Read
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43984 βΌ
π Read
via "National Vulnerability Database".
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41958 βΌ
π Read
via "National Vulnerability Database".
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45205 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0698 βΌ
π Read
via "National Vulnerability Database".
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41712 βΌ
π Read
via "National Vulnerability Database".
Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37721 βΌ
π Read
via "National Vulnerability Database".
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43983 βΌ
π Read
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45475 βΌ
π Read
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44860 βΌ
π Read
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.π Read
via "National Vulnerability Database".
π’ Lab-based cyber attacks are no serious threat β yet π’
π Read
via "ITPro".
Thereβs no need to fret when it comes to research-based cyber security threats, but the future is a different matterπ Read
via "ITPro".
ITPro
Lab-based cyber attacks are no serious threat β yet
Thereβs no need to fret when it comes to research-based cyber security threats, but the future is a different matter
π’ Revealed: The top 200 most common passwords of 2022 π’
π Read
via "ITPro".
While the most common passwords worldwide are largely the same, gender and region did have an effect on frequencyπ Read
via "ITPro".
ITPro
Revealed: The top 200 most common passwords of 2022
While the most common passwords worldwide are largely the same, gender and region did have an effect on frequency
π1
π’ Seven realities facing SMBs as they enter a future of increased cyber threats π’
π Read
via "ITPro".
2022 Intel Cybersecurity outlook for small and midsize businessesπ Read
via "ITPro".
ITPro
Seven realities facing SMBs as they enter a future of increased cyber threats
2022 Intel Cybersecurity outlook for small and midsize businesses
π’ How to fix the Blue Screen of Death (BSOD) error in Windows 11 π’
π Read
via "ITPro".
Encountering Windows' dreaded 'blue screen of death' error is never fun, but it's possible to diagnose the problem with a few simple stepsπ Read
via "ITPro".
ITPro
How to fix the blue screen of death error in Windows 11
The blue screen of death in Windows 11 can be frustrating but it's relatively easy to fix
π’ US federal agency breached by Iranian state-backed hackers via Log4Shell exploit π’
π Read
via "ITPro".
The initial intrusion was discovered in February but a full incident response wasn't launched until Juneπ Read
via "ITPro".
ITPro
US federal agency breached by Iranian state-backed hackers via Log4Shell exploit
The initial intrusion was discovered in February but a full incident response wasn't launched until June
π’ The IT Pro Podcast: How secure is metaverse tech? π’
π Read
via "ITPro".
If we're not careful, the risks of this new frontier could outweigh the rewardsπ Read
via "ITPro".
ITPro
The IT Pro Podcast: How secure is metaverse tech?
If we're not careful, the risks of this new frontier could outweigh the rewards