βΌ CVE-2022-3185 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3186 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the deviceΓ’β¬β’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3184 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the deviceΓ’β¬β’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3188 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3187 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3183 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3189 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter.π Read
via "National Vulnerability Database".
π cryptmount Filesystem Manager 6.1.1 π
π Read
via "Packet Storm Security".
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.π Read
via "Packet Storm Security".
Packetstormsecurity
cryptmount Filesystem Manager 6.1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-41654 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41697 βΌ
π Read
via "National Vulnerability Database".
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36624 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36625 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
ποΈ Zoom Whiteboard patches XSS bug ποΈ
π Read
via "The Daily Swig".
Video conferencing platform fixes cross-site scripting vulnerabilityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Zoom Whiteboard patches XSS bug
Video conferencing platform fixes cross-site scripting vulnerability
βΌ CVE-2022-47895 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47896 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45347 βΌ
π Read
via "National Vulnerability Database".
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.π Read
via "National Vulnerability Database".
π΄ Threat Modeling in the Age of OpenAI's Chatbot π΄
π Read
via "Dark Reading".
New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.π Read
via "Dark Reading".
Dark Reading
Threat Modeling in the Age of OpenAI's Chatbot
New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.
π΄ Google WordPress Plug-in Bug Allows AWS Metadata Theft π΄
π Read
via "Dark Reading".
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.π Read
via "Dark Reading".
Dark Reading
Google WordPress Plug-in Bug Allows AWS Metadata Theft
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.
π΄ Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal π΄
π Read
via "Dark Reading".
Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.π Read
via "Dark Reading".
Dark Reading
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal
Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.
π΄ Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc. π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc.
SAN FRANCISCO, Dec. 22, 2022 /PRNewswire/ -- The global passwordless authentication market size is expected to reach USD 55.70 billion by 2030, growing at promising 18.2% CAGR, according to a new report by Grand View Research, Inc. Passwordless authenticationβ¦
ποΈ Lean, green coding machine: How sustainable computing drive can reduce attack surfaces ποΈ
π Read
via "The Daily Swig".
Less is often more when it comes to both infosec and eco-friendly computing practicesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Lean, green coding machine: How sustainable computing drive can reduce attack surfaces
Less is often more when it comes to both infosec and eco-friendly computing practices