CVE-2022-0801
via "National Vulnerability Database".
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
CVE-2022-3863
via "National Vulnerability Database".
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
CVE-2019-13768
via "National Vulnerability Database".
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)
CVE-2022-3460
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
CVE-2022-2742
via "National Vulnerability Database".
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
CVE-2022-2743
via "National Vulnerability Database".
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
CVE-2015-10012
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through an error message. Upgrading to version 1.4.0 addresses this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2012-10002
via "National Vulnerability Database".
A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267.
Black Hat Flashback: The Day That Dan Kaminsky Saved the Internet
via "Dark Reading".
Dark Reading's Kelly Jackson Higgins explains the enormous legacy left behind by Dan Kaminsky and his seminal "Great DNS Vulnerability" talk at Black Hat 2008.
CVE-2023-0038
via "National Vulnerability Database".
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.
CVE-2022-4663
via "National Vulnerability Database".
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.
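Both WordPress advisories above (CVE-2023-0038, stored survey answers; CVE-2022-4663, user_login from an uploaded CSV) come down to the same two defects: input is stored without validation and echoed without escaping. The script below is an added example written for this page, not code from the Survey Maker or Members Import plugins. It puts the vulnerable rendering beside the fixed one and adds an import-side allowlist for user_login; the allowed character set and the 60-character cap are assumptions for the example (WordPress's own rule is sanitize_user($login, true)), and the sample answers and CSV are constructed.

```php
<?php
declare(strict_types=1);

// Added example for the two advisories above; not plugin code.
// Run with: php stored_xss.php

// Constructed sample: one benign answer and one payload an unauthenticated
// survey respondent could submit.
const SAMPLE_ANSWERS = ['Blue', '<script>alert(document.cookie)</script>'];

// Constructed CSV of the kind an administrator might be tricked into importing.
const SAMPLE_CSV = "user_login,user_email\n"
    . "alice,alice@example.com\n"
    . "\"<img src=x onerror=alert(1)>\",eve@example.com\n";

/** Escape for an HTML text node or quoted attribute (the job WordPress's esc_html()/esc_attr() do). */
function escHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable: stored answers go into the submissions page verbatim. */
function renderAnswersVulnerable(array $answers): string
{
    $html = '<ul>';
    foreach ($answers as $a) {
        $html .= '<li>' . $a . '</li>';          // the payload becomes live markup
    }
    return $html . '</ul>';
}

/** Fixed: escape at the point of output, whatever happens to be stored. */
function renderAnswersSafe(array $answers): string
{
    $html = '<ul>';
    foreach ($answers as $a) {
        $html .= '<li>' . escHtml((string) $a) . '</li>';
    }
    return $html . '</ul>';
}

/**
 * Import side: validate user_login against an allowlist before it is stored or
 * echoed back in the import report. The character set and length are example
 * assumptions; the point is to reject a tampered row loudly rather than keep
 * the raw value, and to escape even the rejected value when reporting it.
 */
function parseUserLogins(string $csv): array
{
    $lines  = array_values(array_filter(explode("\n", $csv), fn(string $l): bool => $l !== ''));
    $header = str_getcsv(array_shift($lines), ',', '"', '\\');
    $col    = array_search('user_login', $header, true);
    if ($col === false) {
        throw new InvalidArgumentException('CSV has no user_login column');
    }
    $out = [];
    foreach ($lines as $i => $line) {
        $login = str_getcsv($line, ',', '"', '\\')[$col] ?? '';
        $ok    = (bool) preg_match('/\A[A-Za-z0-9_.@-]{1,60}\z/', $login);
        $out[] = [
            'row'      => $i + 2,                     // 1-based, after the header
            'login'    => $ok ? $login : null,
            'rejected' => $ok ? null : escHtml($login),
        ];
    }
    return $out;
}

echo renderAnswersVulnerable(SAMPLE_ANSWERS), "\n";   // <script> tag is live
echo renderAnswersSafe(SAMPLE_ANSWERS), "\n";         // &lt;script&gt; is plain text
foreach (parseUserLogins(SAMPLE_CSV) as $r) {
    echo $r['login'] ?? ('row ' . $r['row'] . ' rejected: ' . $r['rejected']), "\n";
}
```

Escaping on output is the non-negotiable half: a sanitized import only protects the rows that went through the importer, while the renderer sees every value that ever reached the database.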
Are Meta and Twitter Ushering in a New Age of Insider Threats?
via "Dark Reading".
The era of digital trust is broken, and constant vigilance is needed to get things back on track.
SQLMAP - Automatic SQL Injection Tool 1.7
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire DBMS tables/columns or user-specified ones, run their own SQL statements, read or write text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
ModSecurity Backdoor Tool
via "Packet Storm Security".
Proof of concept remote command execution and file retrieval backdoor script for ModSecurity.
Name That Edge Toon: The Upside Down
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
CVE-2023-0039
via "National Vulnerability Database".
The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.
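The pattern the advisory describes, an unauthenticated AJAX endpoint that calls whatever function the request names with whatever arguments it supplies, is worth seeing next to its fix. The script below is an added example written for this page, not code from the User Post Gallery plugin. The request arrays stand in for $_POST; in a real plugin the handler would be hooked with add_action('wp_ajax_nopriv_...') and the authorization stand-in would be check_ajax_referer() plus current_user_can(). The action names, parameters and the harmless strtoupper payload are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example for CVE-2023-0039 above; not plugin code.
// Run with: php nopriv_dispatch.php

/** Vulnerable: any PHP function, any arguments, no login required. */
function dispatchVulnerable(array $request): mixed
{
    $fn   = (string) ($request['function'] ?? '');
    $args = is_array($request['args'] ?? null) ? $request['args'] : [];
    // In the wild this is file_put_contents() with a webshell body, or
    // update_option() flipping users_can_register / default_role.
    return call_user_func_array($fn, $args);
}

/** Actions an anonymous caller may run: a fixed map, each with its own validation. */
function publicActions(): array
{
    return [
        'gallery_count' => fn(array $p): int => count($p['items'] ?? []),
    ];
}

/** Actions that change state: only for an authenticated, authorized caller. */
function privilegedActions(): array
{
    return [
        'set_gallery_title' => function (array $p): string {
            $title = trim((string) ($p['title'] ?? ''));
            if ($title === '' || strlen($title) > 120) {
                throw new InvalidArgumentException('title must be 1-120 characters');
            }
            return $title;   // a real plugin would persist this with update_option()
        },
    ];
}

/**
 * Hardened: the request names an action, never a function; the action maps are
 * the allowlist; privileged actions require $isAuthorized, the stand-in here
 * for check_ajax_referer() and current_user_can('manage_options').
 */
function dispatchHardened(array $request, bool $isAuthorized): mixed
{
    $action = (string) ($request['action'] ?? '');
    $params = is_array($request['params'] ?? null) ? $request['params'] : [];

    $public = publicActions();
    if (isset($public[$action])) {
        return $public[$action]($params);
    }
    $privileged = privilegedActions();
    if (isset($privileged[$action])) {
        if (!$isAuthorized) {
            throw new RuntimeException('forbidden');
        }
        return $privileged[$action]($params);
    }
    throw new RuntimeException('unknown action');   // no fallback to call_user_func
}

// Constructed requests, as an unauthenticated client could send them.
$attack = ['function' => 'strtoupper', 'args' => ['any php function runs']];
echo dispatchVulnerable($attack), "\n";            // ANY PHP FUNCTION RUNS

foreach ([
    ['action' => 'gallery_count',     'params' => ['items' => [1, 2, 3]]],
    ['action' => 'set_gallery_title', 'params' => ['title' => 'pwned']],
    ['action' => 'strtoupper',        'params' => []],
] as $req) {
    try {
        echo $req['action'], ' => ', var_export(dispatchHardened($req, false), true), "\n";
    } catch (RuntimeException | InvalidArgumentException $e) {
        echo $req['action'], ' => ', $e->getMessage(), "\n";
    }
}
// The same privileged action succeeds once the caller is authorized.
echo dispatchHardened(['action' => 'set_gallery_title', 'params' => ['title' => 'Summer']], true), "\n";
```

The structural fix is that the request can only pick an entry from a map the developer wrote; it never reaches call_user_func with a name it chose. Splitting the map into public and privileged halves keeps the nopriv hook, which is sometimes legitimately needed, from ever dispatching a state-changing action.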
CVE-2022-38766
via "National Vulnerability Database".
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same rolling-code set for each door-open request, which allows a replay attack.
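A rolling code only defeats replay if the fob moves its counter forward on every press and the receiver refuses anything it has already seen. The script below is an added example written for this page; it is a deliberately simplified model, not the Renault ZOE protocol or any real keyless cipher (an HMAC over a counter stands in for the real rolling-code encryption, and resynchronisation after a lost press is out of scope). It runs the four combinations of a fob that does or does not advance and a receiver that does or does not reject repeats, which is what the advisory's "same rolling-code set for each door-open request" amounts to.

```php
<?php
declare(strict_types=1);

// Added example for CVE-2022-38766 above; illustrative model, not vehicle firmware.
// Run with: php rolling_code_replay.php

final class Fob
{
    private int $counter = 1;

    public function __construct(private string $key, private bool $advances) {}

    /** One button press: the code commits to a counter value under a shared key. */
    public function press(): string
    {
        $code = $this->counter . ':' . hash_hmac('sha256', (string) $this->counter, $this->key);
        if ($this->advances) {
            $this->counter++;           // a correct fob never sends the same code twice
        }
        return $code;
    }
}

final class Receiver
{
    private int $lastCounter = 0;

    public function __construct(
        private string $key,
        private bool $rejectReplays,
        private int $window = 16,     // how far ahead a fob may drift (lost presses)
    ) {}

    public function accept(string $code): bool
    {
        [$ctrStr, $mac] = explode(':', $code, 2) + [1 => ''];
        $ctr = (int) $ctrStr;
        if (!hash_equals(hash_hmac('sha256', (string) $ctr, $this->key), $mac)) {
            return false;                // wrong key or tampered code
        }
        if ($this->rejectReplays
            && ($ctr <= $this->lastCounter || $ctr > $this->lastCounter + $this->window)) {
            return false;                // already used, or implausibly far ahead
        }
        $this->lastCounter = max($this->lastCounter, $ctr);
        return true;
    }
}

/** Owner presses twice with an attacker sniffing the first burst and replaying it. */
function scenario(bool $fobAdvances, bool $receiverRejectsReplays): array
{
    $key = random_bytes(16);
    $fob = new Fob($key, $fobAdvances);
    $car = new Receiver($key, $receiverRejectsReplays);

    $captured = $fob->press();                 // attacker records the 433.92 MHz burst
    $first    = $car->accept($captured);       // owner opens the door normally
    $second   = $car->accept($fob->press());   // owner's next press
    $replay   = $car->accept($captured);       // attacker resends the recording
    return ['owner_first' => $first, 'owner_second' => $second, 'attacker_replay' => $replay];
}

foreach ([[true, true], [true, false], [false, true], [false, false]] as [$adv, $rej]) {
    printf("fob advances=%-5s receiver rejects repeats=%-5s => %s\n",
        var_export($adv, true), var_export($rej, true), json_encode(scenario($adv, $rej)));
}
```

The table the script prints makes the trade-off explicit: a receiver that rejects repeats only works with a fob that advances (true/true: owner presses succeed, replay fails). Once the fob reuses its code set, as described for this vehicle, the receiver has to accept repeats for the owner's second press to work at all, and at that point it cannot tell the owner's press from the attacker's recording.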
Chinese 'RedZei' Group Batters Victims With Incessant Vishing Effort
via "Dark Reading".
The cybercriminals switch up carriers and SIM cards regularly, making it difficult for either mobile users or telecom companies to block the barrage of malicious calls and voicemails.
Inside a scammers' lair: Ukraine busts 40 in fake bank call-centre raid
via "Naked Security".
When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!
Raspberry Robin Worm Hatches a Highly Complex Upgrade
via "Dark Reading".
The Evil Corp-linked malware family has undergone an evolution, becoming more obfuscated and "several times more complex," as the group behind it tests how far the worm can be spread.
CVE-2021-32821
via "National Vulnerability Database".
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue, so the practical mitigation is to never build selectors from untrusted strings.