βΌ CVE-2022-23519 βΌ
π Read
via "National Vulnerability Database".
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23527 βΌ
π Read
via "National Vulnerability Database".
mod_auth_openidc is an OpenID CertifiedΓ’βΒ’ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46123 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46073 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-46126 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46120 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44910 βΌ
π Read
via "National Vulnerability Database".
Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46072 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46119 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46127 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46443 βΌ
π Read
via "National Vulnerability Database".
mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46124 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23518 βΌ
π Read
via "National Vulnerability Database".
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46117 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46256 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46125 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23520 βΌ
π Read
via "National Vulnerability Database".
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46121 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.π Read
via "National Vulnerability Database".
π΄ Cybereason WARNS Global Organizations Against Destructive Ransomware Attacks from Black Basta Gang π΄
π Read
via "Dark Reading".
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.π Read
via "Dark Reading".
Dark Reading
Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.