CVE-2022-4560
via "National Vulnerability Database".
A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.
CVE-2022-46109
via "National Vulnerability Database".
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.
CVE-2022-4565
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability.
CVE-2022-2966
via "National Vulnerability Database".
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. This issue affects DOPSoft: All Versions.
CVE-2022-47209
via "National Vulnerability Database".
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is "support" and cannot be changed by a user via any normally accessible means.
CVE-2022-47210
via "National Vulnerability Database".
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
CVE-2022-3166
via "National Vulnerability Database".
Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to the webserver and closing the connection abruptly, which would cause a denial-of-service condition for the web server application on the device.
CVE-2022-47208
via "National Vulnerability Database".
The "puhttpsniff" service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
CVE-2022-4566
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975.
Researcher Bypasses Akamai WAF
via "Dark Reading".
Patched several months ago: a researcher reports how they used Spring Boot to sneak past Akamai's firewall and remotely execute code.
Cyber Threats Loom as 5B People Prepare to Watch World Cup Final
via "Dark Reading".
The 2022 FIFA Men's World Cup final in Qatar will be the most-watched sporting event in history, but will cybercriminals score a hat trick off its state-of-the-art digital footprint?
CVE-2022-26582
via "National Vulnerability Database".
The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to arbitrary command execution as root.
CVE-2022-26579
via "National Vulnerability Database".
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to install an unsigned application by copying the APK to /data/app, setting the appropriate permissions and rebooting the device.
CVE-2022-3157
via "National Vulnerability Database".
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
CVE-2021-31650
via "National Vulnerability Database".
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
CVE-2022-46670
via "National Vulnerability Database".
Rockwell Automation was made aware, by a security researcher from Georgia Institute of Technology, that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
CVE-2022-26580
via "National Vulnerability Database".
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discovered to be vulnerable to command injection.
CVE-2022-26581
via "National Vulnerability Database".
The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows the execution of the systool utility in production mode, allowing unauthenticated attackers to perform privileged actions.
CVE-2021-38241
via "National Vulnerability Database".
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via a weak cipher in the Shiro framework.
CVE-2022-23490
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to unauthorized actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
CVE-2022-37832
via "National Vulnerability Database".
Mutiny 7.2.0-10788 suffers from a hardcoded root password.