‼ CVE-2022-43542 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43541 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.📖 Read
via "National Vulnerability Database".
🕴 When Companies Compensate the Hackers, We All Foot the Bill 🕴
📖 Read
via "Dark Reading".
Ensuring stronger in-house defenses is integral to retaining customer loyalty.📖 Read
via "Dark Reading".
Dark Reading
When Companies Compensate the Hackers, We All Foot the Bill
Ensuring stronger in-house defenses is integral to retaining customer loyalty.
🕴 Popular WAFs Subverted by JSON Bypass 🕴
📖 Read
via "Dark Reading".
Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.📖 Read
via "Dark Reading".
Dark Reading
Popular WAFs Subverted by JSON Bypass
Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.
🕴 What We Can't See Can Hurt Us 🕴
📖 Read
via "Dark Reading".
Visibility into every environment, including cloud, enables businesses to mitigate operating risks.📖 Read
via "Dark Reading".
Dark Reading
What We Can't See Can Hurt Us
Visibility into every environment, including cloud, enables businesses to mitigate operating risks.
‼ CVE-2022-44147 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-16891. Reason: This candidate is a reservation duplicate of CVE-2019-16891. Notes: All CVE users should reference CVE-2019-16891 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45043 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45957 ‼
📖 Read
via "National Vulnerability Database".
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45997 ‼
📖 Read
via "National Vulnerability Database".
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45956 ‼
📖 Read
via "National Vulnerability Database".
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45977 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45979 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45980 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45996 ‼
📖 Read
via "National Vulnerability Database".
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep112: Data breaches can haunt you more than once! [Audio + Text] ⚠
📖 Read
via "Naked Security".
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.📖 Read
via "Naked Security".
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
Breaches, exploits, busts, buffer overflows and bug hunting – entertaining and educational in equal measure.
🗓️ Black Hat Europe redux: The top web hacking talks for 2022 🗓️
📖 Read
via "The Daily Swig".
Catch up on the highlights of last week’s cybersecurity conference📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Black Hat Europe redux: The top web hacking talks for 2022
Catch up on the highlights of last week’s cybersecurity conference
👍1🔥1
⚠ Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties ⚠
📖 Read
via "Naked Security".
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-3925 ‼
📖 Read
via "National Vulnerability Database".
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3919 ‼
📖 Read
via "National Vulnerability Database".
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.📖 Read
via "National Vulnerability Database".