‼ CVE-2022-4856 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.
‼ CVE-2022-4855 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.
‼ CVE-2022-48196 ‼
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
🗓️ Security done right – infosec wins of 2022 🗓️
📖 Read
via "The Daily Swig".
The toasts, triumphs, and biggest security wins of the year
‼ CVE-2017-20153 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.
‼ CVE-2018-25059 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040.
‼ CVE-2017-20151 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.
‼ CVE-2022-44621 ‼
📖 Read
via "National Vulnerability Database".
Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via an HTTP request.
‼ CVE-2020-36638 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043.
‼ CVE-2022-4860 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The name of the patch is 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.
‼ CVE-2017-20152 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.
‼ CVE-2020-36637 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability.
‼ CVE-2022-43396 ‼
📖 Read
via "National Vulnerability Database".
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.
‼ CVE-2018-25060 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.
‼ CVE-2022-4859 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The name of the patch is 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055.
‼ CVE-2022-4858 ‼
📖 Read
via "National Vulnerability Database".
Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow sensitive tokens to be obtained from logs, if specific configurations were set.
🗓️ Bug Bounty Radar // The latest bug bounty programs for January 2023 🗓️
📖 Read
via "The Daily Swig".
New web targets for the discerning hacker
🕴 Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023 🕴
📖 Read
via "Dark Reading".
Dark Reading's panel of security experts deliver a magnum of bubbly hot takes on what 2023 will look like, featuring evil AIs, WWIII, wild workplace soon-to-be-norms, and more.
🕴 War and Geopolitical Conflict: The New Battleground for DDoS Attacks 🕴
📖 Read
via "Dark Reading".
The effectiveness of attacks largely depends on organizations' distributed denial-of-service defenses.
‼ CVE-2022-4861 ‼
📖 Read
via "National Vulnerability Database".
Incorrect implementation in authentication protocol in M-Files Server before 22.5.11356.0 allows a high-privileged user to get other users' tokens for another resource.