CSAF Is the Future of Vulnerability Management
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.
via "Dark Reading".
Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.
via "Dark Reading".
CVE-2022-46071
There is a SQL Injection vulnerability at the Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
via "National Vulnerability Database".
CVE-2022-46074
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
via "National Vulnerability Database".
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
via "National Vulnerability Database".
CVE-2022-23527
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.
via "National Vulnerability Database".
CVE-2022-46123
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.
via "National Vulnerability Database".
CVE-2022-46073
Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).
via "National Vulnerability Database".
CVE-2022-46126
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.
via "National Vulnerability Database".
CVE-2022-46120
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.
via "National Vulnerability Database".
CVE-2022-44910
Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.
via "National Vulnerability Database".
CVE-2022-46072
Helmet Store Showroom v1.0 is vulnerable to unauthenticated SQL Injection.
via "National Vulnerability Database".
CVE-2022-46119
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.
via "National Vulnerability Database".
CVE-2022-46127
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
via "National Vulnerability Database".
CVE-2022-46443
mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
via "National Vulnerability Database".
CVE-2022-46124
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.
via "National Vulnerability Database".
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
via "National Vulnerability Database".
CVE-2022-46117
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.
via "National Vulnerability Database".
CVE-2022-46256
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.
via "National Vulnerability Database".
CVE-2022-46125
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.
via "National Vulnerability Database".
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
via "National Vulnerability Database".