‼ CVE-2022-47790 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4884 ‼
📖 Read
via "National Vulnerability Database".
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.📖 Read
via "National Vulnerability Database".
👍1
🕴 Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone 🕴
📖 Read
via "Dark Reading".
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.📖 Read
via "Dark Reading".
Dark Reading
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.
👍1
‼ CVE-2022-36928 ‼
📖 Read
via "National Vulnerability Database".
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36927 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36926 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36930 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36925 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36929 ‼
📖 Read
via "National Vulnerability Database".
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
🕴 Serbia Slammed With DDoS Attacks 🕴
📖 Read
via "Dark Reading".
The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.📖 Read
via "Dark Reading".
Dark Reading
Serbia Slammed With DDoS Attacks
The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.
🕴 Attackers Are Already Exploiting ChatGPT to Write Malicious Code 🕴
📖 Read
via "Dark Reading".
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.📖 Read
via "Dark Reading".
Dark Reading
Attackers Are Already Exploiting ChatGPT to Write Malicious Code
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
‼ CVE-2015-10034 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43970 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43973 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10035 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10033 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2014-125072 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0125 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36603 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".📖 Read
via "National Vulnerability Database".
‼ CVE-2014-125071 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43972 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.📖 Read
via "National Vulnerability Database".