CVE-2022-46119
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.
via "National Vulnerability Database".
CVE-2022-46127
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
via "National Vulnerability Database".
CVE-2022-46443
mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
via "National Vulnerability Database".
CVE-2022-46124
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.
via "National Vulnerability Database".
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
via "National Vulnerability Database".
CVE-2022-46117
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.
via "National Vulnerability Database".
CVE-2022-46256
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.
via "National Vulnerability Database".
CVE-2022-46125
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.
via "National Vulnerability Database".
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
via "National Vulnerability Database".
CVE-2022-46121
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.
via "National Vulnerability Database".
Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.
via "Dark Reading".
CVE-2022-31700
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
via "National Vulnerability Database".
CVE-2022-31703
vRealize Network Insight (vRNI) contains a directory traversal vulnerability in the vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server.
via "National Vulnerability Database".
CVE-2022-31701
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
via "National Vulnerability Database".
CVE-2022-31705
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion this may lead to code execution on the machine where Workstation or Fusion is installed.
via "National Vulnerability Database".
CVE-2022-23741
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
via "National Vulnerability Database".
CVE-2022-31702
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.
via "National Vulnerability Database".
Six Charged in Mass Takedown of DDoS-for-Hire Sites
The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold "booter" or "stresser" services: businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.
via "Krebs on Security".