‼ CVE-2022-37785 ‼
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.
via "National Vulnerability Database".
‼ CVE-2022-34324 ‼
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
via "National Vulnerability Database".
‼ CVE-2018-25062 ‼
A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.
via "National Vulnerability Database".
‼ CVE-2014-125030 ‼
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The name of the patch is 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-48198 ‼
The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.
via "National Vulnerability Database".
‼ CVE-2022-34323 ‼
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model features (OnlineBanking > Web Monitoring > Settings > Filters / Display models). The name of a filter or a display model is interpreted as HTML and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. Another issue is present in the Notification feature (OnlineBanking > Configuration > Notifications and alerts > Alerts *). The name of an alert is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. (Also, an issue is present in the File download feature, accessible via /OnlineBanking/cgi/isapi.dll/DOWNLOADFRS. When requesting to show the list of downloadable files, the contents of three form fields are embedded in the JavaScript code without prior sanitization. This is essentially a self-XSS.)
via "National Vulnerability Database".
‼ CVE-2021-41823 ‼
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.
via "National Vulnerability Database".
‼ CVE-2018-25063 ‼
A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-37786 ‼
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.
via "National Vulnerability Database".
‼ CVE-2022-47952 ‼
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
via "National Vulnerability Database".
‼ CVE-2022-47634 ‼
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
via "National Vulnerability Database".
‼ CVE-2023-0029 ‼
A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The manipulation leads to denial of service. The attack may be initiated remotely. The identifier VDB-217169 was assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2015-10006 ‼
A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.
via "National Vulnerability Database".
‼ CVE-2013-10006 ‼
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. Upgrading to version 0.8.4rc2 is able to address this issue. The name of the patch is cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171.
via "National Vulnerability Database".
‼ CVE-2023-22551 ‼
The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not.
via "National Vulnerability Database".
‼ CVE-2010-10002 ‼
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
via "National Vulnerability Database".
‼ CVE-2021-4297 ‼
A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
⚠ PyTorch: Machine Learning toolkit pwned from Christmas to New Year ⚠
The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.
via "Naked Security" (Sophos News).
📢 What is MFA fatigue and how do you defend against attacks? 📢
Strong authentication is key to security, but it needs to be properly managed to avoid MFA fatigue.
via "ITPro".
📢 Meta to pay $725 million in Cambridge Analytica lawsuit settlement 📢
The settlement closes the long-running lawsuit into how Facebook's owner, Meta, handled the Cambridge Analytica scandal.
via "ITPro".
‼ CVE-2019-25093 ‼
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".