‼ CVE-2022-36927 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36926 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36930 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36925 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36929 ‼
📖 Read
via "National Vulnerability Database".
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
🕴 Serbia Slammed With DDoS Attacks 🕴
📖 Read
via "Dark Reading".
The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.📖 Read
via "Dark Reading".
Dark Reading
Serbia Slammed With DDoS Attacks
The Serbian government reports that it staved off five attacks aimed at crippling Serbian infrastructure.
🕴 Attackers Are Already Exploiting ChatGPT to Write Malicious Code 🕴
📖 Read
via "Dark Reading".
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.📖 Read
via "Dark Reading".
Dark Reading
Attackers Are Already Exploiting ChatGPT to Write Malicious Code
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
‼ CVE-2015-10034 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43970 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43973 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10035 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10033 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2014-125072 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0125 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36603 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".📖 Read
via "National Vulnerability Database".
‼ CVE-2014-125071 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43972 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43971 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.📖 Read
via "National Vulnerability Database".
🕴 Firmware Vulnerability in Chips Helps Hackers Take Control of Systems 🕴
📖 Read
via "Dark Reading".
The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations.📖 Read
via "Dark Reading".
Dark Reading
Latest Firmware Flaws in Qualcomm Snapdragon Need Attention
The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations.
‼ CVE-2022-4310 ‼
📖 Read
via "National Vulnerability Database".
The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4301 ‼
📖 Read
via "National Vulnerability Database".
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.📖 Read
via "National Vulnerability Database".