CVE-2022-4877
via "National Vulnerability Database".
A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is d41f3697926b231782a3ad8050f5af1ce5cc40b7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217444.
CVE-2022-43525
via "National Vulnerability Database".
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators:
- Orchestrator 9.2.1.40179 and below
- Orchestrator 9.1.4.40436 and below
- Orchestrator 9.0.7.40110 and below
- Orchestrator 8.10.23.40015 and below
- Any older branches of Orchestrator not specifically mentioned
CVE-2016-15010
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-22626
via "National Vulnerability Database".
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)
CVE-2021-25222
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2015-10013
via "National Vulnerability Database".
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability.
CVE-2019-25096
via "National Vulnerability Database".
A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435.
CVE-2022-46335
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2022-44535
via "National Vulnerability Database".
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an attacker to achieve administrative privilege on the web-management interface leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators:
- Orchestrator 9.2.1.40179 and below
- Orchestrator 9.1.4.40436 and below
- Orchestrator 9.0.7.40110 and below
- Orchestrator 8.10.23.40015 and below
- Any older branches of Orchestrator not specifically mentioned
CVE-2022-43535
via "National Vulnerability Database".
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
Devs urged to rotate secrets after CircleCI suffers security breach
via "The Daily Swig".
DevOps platform advises customers to revoke API tokens.
CVE-2015-10014
via "National Vulnerability Database".
A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The name of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability.
CVE-2022-45995
via "National Vulnerability Database".
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21_cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.
CVE-2014-125040
via "National Vulnerability Database".
A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.
How to Ensure Cybersecurity Investments Remain a Priority Across Your Organization
via "Dark Reading".
Collaboration across all business units is key to building a robust cybersecurity program.
US Based ICOIN Technology Announces Secure Messaging Solution Using Hardware Wallet Encryption
via "Dark Reading".
CAMPBELL, Calif., Jan. 5, 2023 /PRNewswire/ -- iCoin Technology, a U.S. based manufacturer of modern crypto hardware wallets, announced today that it will be adding a secure messaging feature to their existing hardware wallet system for cryptocurrency
SimpleRmiDiscoverer 0.1
via "Packet Storm Security".
SimpleRmiDiscoverer is a JMX RMI scanning tool for unsecured (without enabled authentication) instances of Java JMX. It does not use standard Java RMI/JMX classes like other available tools but rather communicates directly over TCP. The tool is written in Java and is very useful in red teaming operations because the JVM is still ubiquitous in corporate environments. It can be executed by unprivileged (non-admin) users.
Faraday 4.3.2
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.
Maternal & Family Health Services Issues Notice Of Cybersecurity Incident
via "Dark Reading".
WILKES-BARRE, Pa., Jan. 5, 2023 /PRNewswire/ -- Maternal & Family Health Services ("MFHS"), a private non-profit health and human services organization serving Northeastern Pennsylvania, announced today that the organization was the victim of a sophisticated…