CVE-2022-41706
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
CVE-2022-43984
via "National Vulnerability Database".
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
CVE-2022-41958
via "National Vulnerability Database".
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-45205
via "National Vulnerability Database".
Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2022-0698
via "National Vulnerability Database".
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
CVE-2022-41712
via "National Vulnerability Database".
Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.
CVE-2022-37721
via "National Vulnerability Database".
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.
CVE-2022-43983
via "National Vulnerability Database".
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
CVE-2022-45475
via "National Vulnerability Database".
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.
CVE-2022-44860
via "National Vulnerability Database".
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.
Lab-based cyber attacks are no serious threat - yet
via "ITPro".
There's no need to fret when it comes to research-based cyber security threats, but the future is a different matter
Revealed: The top 200 most common passwords of 2022
via "ITPro".
While the most common passwords worldwide are largely the same, gender and region did have an effect on frequency
Seven realities facing SMBs as they enter a future of increased cyber threats
via "ITPro".
2022 Intel Cybersecurity outlook for small and midsize businesses
How to fix the Blue Screen of Death (BSOD) error in Windows 11
via "ITPro".
Encountering Windows' dreaded 'blue screen of death' error is never fun, but it's possible to diagnose the problem with a few simple steps
The blue screen of death in Windows 11 can be frustrating but it's relatively easy to fix
US federal agency breached by Iranian state-backed hackers via Log4Shell exploit
via "ITPro".
The initial intrusion was discovered in February but a full incident response wasn't launched until June
The IT Pro Podcast: How secure is metaverse tech?
via "ITPro".
If we're not careful, the risks of this new frontier could outweigh the rewards
What is data and big data mining? An easy guide
via "ITPro".
You have a lot of data, but how do you find the right data to make a business decision?
Wipro launches European cyber security consultancy services
via "ITPro" (channelpro).
The new end-to-end offering follows a string of global acquisitions for Wipro in the consulting space
Qatar World Cup apps prompt digital privacy warnings from regulators
via "ITPro".
European regulators have voiced serious concerns over the permissions required by apps Ehteraz and Hayya
2022 Magic quadrant for Security Information and Event Management (SIEM)
via "ITPro".
SIEM is evolving into a security platform with multiple features and deployment models
Pro-Russia Killnet hackers claim DDoS attack on EU Parliament website
via "ITPro".
The attack was launched shortly after MEPs voted to brand Russia a state-sponsor of terrorism for its invasion of Ukraine