‼ CVE-2022-4566 ‼
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975.
via "National Vulnerability Database".
🕴 Researcher Bypasses Akamai WAF 🕴
Patched several months ago, researcher reports how they used Spring Boot to sneak past Akamai's firewall and remotely execute code.
via "Dark Reading".
🕴 Cyber Threats Loom as 5B People Prepare to Watch World Cup Final 🕴
The 2022 FIFA Men's World Cup final in Qatar will be the most-watched sporting event in history — but will cybercriminals score a hat trick off its state-of-the-art digital footprint?
via "Dark Reading".
‼ CVE-2022-26582 ‼
The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to arbitrary command execution as root.
via "National Vulnerability Database".
‼ CVE-2022-26579 ‼
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to install an unsigned application by copying the APK to /data/app, setting the appropriate permissions and rebooting the device.
via "National Vulnerability Database".
‼ CVE-2022-3157 ‼
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
via "National Vulnerability Database".
‼ CVE-2021-31650 ‼
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
via "National Vulnerability Database".
‼ CVE-2022-46670 ‼
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
via "National Vulnerability Database".
‼ CVE-2022-26580 ‼
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discovered to be vulnerable to command injection.
via "National Vulnerability Database".
‼ CVE-2022-26581 ‼
The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows the execution of the systool utility in production mode, allowing unauthenticated attackers to perform privileged actions.
via "National Vulnerability Database".
‼ CVE-2021-38241 ‼
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
via "National Vulnerability Database".
‼ CVE-2022-23490 ‼
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
via "National Vulnerability Database".
‼ CVE-2022-37832 ‼
Mutiny 7.2.0-10788 suffers from Hardcoded root password.
via "National Vulnerability Database".
‼ CVE-2022-23531 ‼
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5.
via "National Vulnerability Database".
‼ CVE-2022-23530 ‼
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths.
via "National Vulnerability Database".
‼ CVE-2022-38756 ‼
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
via "National Vulnerability Database".
‼ CVE-2022-4567 ‼
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
via "National Vulnerability Database".
‼ CVE-2022-4585 ‼
A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs/templates2/ocstyle/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171.
via "National Vulnerability Database".
‼ CVE-2022-4589 ‼
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175.
via "National Vulnerability Database".
‼ CVE-2022-4586 ‼
A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216172.
via "National Vulnerability Database".
‼ CVE-2022-4587 ‼
A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability.
via "National Vulnerability Database".