‼ CVE-2022-45957 ‼
📖 Read
via "National Vulnerability Database".
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45997 ‼
📖 Read
via "National Vulnerability Database".
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45956 ‼
📖 Read
via "National Vulnerability Database".
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45977 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45979 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45980 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45996 ‼
📖 Read
via "National Vulnerability Database".
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep112: Data breaches can haunt you more than once! [Audio + Text] ⚠
📖 Read
via "Naked Security".
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.📖 Read
via "Naked Security".
Naked Security
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
Breaches, exploits, busts, buffer overflows and bug hunting – entertaining and educational in equal measure.
🗓️ Black Hat Europe redux: The top web hacking talks for 2022 🗓️
📖 Read
via "The Daily Swig".
Catch up on the highlights of last week’s cybersecurity conference📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Black Hat Europe redux: The top web hacking talks for 2022
Catch up on the highlights of last week’s cybersecurity conference
👍1🔥1
⚠ Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties ⚠
📖 Read
via "Naked Security".
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-3925 ‼
📖 Read
via "National Vulnerability Database".
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3919 ‼
📖 Read
via "National Vulnerability Database".
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3605 ‼
📖 Read
via "National Vulnerability Database".
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3880 ‼
📖 Read
via "National Vulnerability Database".
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org📖 Read
via "National Vulnerability Database".
👎1
‼ CVE-2022-3853 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3883 ‼
📖 Read
via "National Vulnerability Database".
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4311 ‼
📖 Read
via "National Vulnerability Database".
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3934 ‼
📖 Read
via "National Vulnerability Database".
The Flat PM WordPress plugin through 2.661 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3882 ‼
📖 Read
via "National Vulnerability Database".
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4004 ‼
📖 Read
via "National Vulnerability Database".
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4016 ‼
📖 Read
via "National Vulnerability Database".
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks📖 Read
via "National Vulnerability Database".