🕴 JsonWebToken Security Bug Opens Servers to RCE 🕴
📖 Read
via "Dark Reading".
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.📖 Read
via "Dark Reading".
Dark Reading
JsonWebToken Security Bug Opens Servers to RCE
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.
🕴 'Copyright Infringement' Lure Used for Facebook Credential Harvesting 🕴
📖 Read
via "Dark Reading".
Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.📖 Read
via "Dark Reading".
Dark Reading
'Copyright Infringement' Lure Used for Facebook Credential Harvesting
Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.
‼ CVE-2022-46258 ‼
📖 Read
via "National Vulnerability Database".
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47790 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4884 ‼
📖 Read
via "National Vulnerability Database".
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.📖 Read
via "National Vulnerability Database".
👍1
🕴 Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone 🕴
📖 Read
via "Dark Reading".
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.📖 Read
via "Dark Reading".
Dark Reading
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.
👍1
‼ CVE-2022-36928 ‼
📖 Read
via "National Vulnerability Database".
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36927 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36926 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36930 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36925 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36929 ‼
📖 Read
via "National Vulnerability Database".
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
🕴 Serbia Slammed With DDoS Attacks 🕴
📖 Read
via "Dark Reading".
The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.📖 Read
via "Dark Reading".
Dark Reading
Serbia Slammed With DDoS Attacks
The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.
🕴 Attackers Are Already Exploiting ChatGPT to Write Malicious Code 🕴
📖 Read
via "Dark Reading".
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.📖 Read
via "Dark Reading".
Dark Reading
Attackers Are Already Exploiting ChatGPT to Write Malicious Code
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
‼ CVE-2015-10034 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43970 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43973 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10035 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10033 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2014-125072 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0125 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".