‼ CVE-2022-4848 ‼
📖 Read
via "National Vulnerability Database".
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4851 ‼
📖 Read
via "National Vulnerability Database".
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4850 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4847 ‼
📖 Read
via "National Vulnerability Database".
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4845 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4844 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4841 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
🔥2
♟️ Happy 12th Birthday, KrebsOnSecurity! ♟️
📖 Read
via "Krebs on Security".
KrebsOnSecurity turns 12 years old today. That's a crazy long time for an independent media outlet these days, but then again I'm liable to keep doing this as long as they keep letting me! Thanks to your readership and support, I was able to spend more time in 2022 on in-depth investigative stories -- the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Breaches review below.📖 Read
via "Krebs on Security".
Krebsonsecurity
Happy 13th Birthday, KrebsOnSecurity!
KrebsOnSecurity turns 12 years old today. That's a crazy long time for an independent media outlet these days, but then again I'm liable to keep doing this as long as they keep letting me! Thanks to your readership and support,…
‼ CVE-2022-30519 ‼
📖 Read
via "National Vulnerability Database".
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36437 ‼
📖 Read
via "National Vulnerability Database".
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.📖 Read
via "National Vulnerability Database".
🕴 6 Ways to Protect Your Organization Against LAPSUS$ 🕴
📖 Read
via "Dark Reading".
Businesses need to educate employees the type of social engineering attacks used by hacking group DEV-0537 (LAPSUS$) and strengthen their security posture.📖 Read
via "Dark Reading".
Dark Reading
6 Ways to Protect Your Organization Against LAPSUS$
Businesses need to educate employees the type of social engineering attacks used by hacking group DEV-0537 (LAPSUS$) and strengthen their security posture.
‼ CVE-2022-44137 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4857 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-48194 ‼
📖 Read
via "National Vulnerability Database".
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4856 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4855 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48196 ‼
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.📖 Read
via "National Vulnerability Database".
🗓️ Security done right – infosec wins of 2022 🗓️
📖 Read
via "The Daily Swig".
The toasts, triumphs, and biggest security wins of the year📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Security done right – infosec wins of 2022
The toasts, triumphs, and biggest security wins of the year
‼ CVE-2017-20153 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-25059 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20151 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".