βΌ CVE-2021-4258 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4107 βΌ
π Read
via "National Vulnerability Database".
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the serverπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4112 βΌ
π Read
via "National Vulnerability Database".
The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π Read
via "National Vulnerability Database".
βΌ CVE-2022-4108 βΌ
π Read
via "National Vulnerability Database".
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)π Read
via "National Vulnerability Database".
βΌ CVE-2022-3986 βΌ
π Read
via "National Vulnerability Database".
The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4125 βΌ
π Read
via "National Vulnerability Database".
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as wellπ Read
via "National Vulnerability Database".
βΌ CVE-2020-36619 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4058 βΌ
π Read
via "National Vulnerability Database".
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4124 βΌ
π Read
via "National Vulnerability Database".
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete themπ Read
via "National Vulnerability Database".
π΄ Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas π΄
π Read
via "Dark Reading".
Leading global education provider engages with Bugcrowd Security Researchers to identify threats.π Read
via "Dark Reading".
Dark Reading
Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas
Leading global education provider engages with Bugcrowd Security Researchers to identify threats.
π΄ Security Skills Command Premiums in Tight Market π΄
π Read
via "Dark Reading".
Recession fears notwithstanding, cybersecurity skills β both credentialed and noncredentialed β continue to attract higher pay and more job security.π Read
via "Dark Reading".
Dark Reading
Security Skills Command Premiums in Tight Market
Recession fears notwithstanding, cybersecurity skills β both credentialed and noncredentialed β continue to attract higher pay and more job security.
π’ The IT Pro Podcast: Surveying today's threat landscape π’
π Read
via "ITPro".
With an expanding attack surface, can you afford to neglect detection in favour of response?π Read
via "ITPro".
ITPro
The IT Pro Podcast: Surveying today's threat landscape
With an expanding attack surface, can you afford to neglect detection in favour of response?
π’ Podcast transcript: Surveying today's threat landscape π’
π Read
via "ITPro".
Read the full transcript for this episode of the IT Pro Podcastπ Read
via "ITPro".
ITPro
Podcast transcript: Surveying today's threat landscape
Read the full transcript for this episode of the IT Pro Podcast
π’ World Cup security expert says devices have "a huge potential to be abusedβ π’
π Read
via "ITPro".
As audiences prepare for the World Cup final, fans have been urged to remain vigilant for cyber threats and potential disruptionπ Read
via "ITPro".
ITPro
World Cup security expert says devices have "a huge potential to be abusedβ
As audiences prepare for the World Cup final, fans have been urged to remain vigilant for cyber threats and potential disruption
π’ Asian countries dominate list of least cyber-secure remote working locations π’
π Read
via "ITPro".
The research aimed to highlight the security risks of post-pandemic 'workations'π Read
via "ITPro".
ITPro
Asian countries dominate list of least cyber-secure remote working locations
The research aimed to highlight the security risks of post-pandemic 'workations'
π’ βHigh severityβ vulnerabilities uncovered in three-quarters of operational technology systems π’
π Read
via "ITPro".
OT vulnerabilities could be putting national infrastructure at risk, Microsoft warnedπ Read
via "ITPro".
ITPro
βHigh severityβ vulnerabilities uncovered in three-quarters of operational technology systems
OT vulnerabilities could be putting national infrastructure at risk, Microsoft warned
π’ US begins seizure of 48 DDoS-for-hire services following global investigation π’
π Read
via "ITPro".
Six people have been arrested who allegedly oversaw computer attacks launched using bootersπ Read
via "ITPro".
ITPro
US begins seizure of 48 DDoS-for-hire services following global investigation
Six people have been arrested who allegedly oversaw computer attacks launched using booters
βΌ CVE-2022-4610 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4612 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42947 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4613 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275.π Read
via "National Vulnerability Database".