βΌ CVE-2022-45093 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38773 βΌ
π Read
via "National Vulnerability Database".
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43513 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43514 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47935 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)π Read
via "National Vulnerability Database".
βΌ CVE-2022-46823 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.π Read
via "National Vulnerability Database".
π΄ Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security π΄
π Read
via "Dark Reading".
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.π Read
via "Dark Reading".
Dark Reading
Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.
π Zeek 5.0.5 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 5.0.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1π₯1
π΄ Delinea 2022 State of Ransomware Report Reveals That Attacks Are Down 61% From the Previous Year, and Ransom Payments Are Also on the Decline π΄
π Read
via "Dark Reading".
Annual survey uncovers surprising data but warns against complacency.π Read
via "Dark Reading".
Dark Reading
Delinea 2022 State of Ransomware Report Reveals That Attacks Are Down 61% From the Previous Year, and Ransom Payments Are Alsoβ¦
Annual survey uncovers surprising data but warns against complacency.
π΄ Moving Analytics Launches Single Sign on to Strengthen Data Security and Improve User Experience π΄
π Read
via "Dark Reading".
Moving Analytics, leading provider of virtual cardiac rehabilitation and prevention, announced that it is launching single sign on authentication for its entire software platform.π Read
via "Dark Reading".
Dark Reading
Moving Analytics Launches Single Sign on to Strengthen Data Security and Improve User Experience
Moving Analytics, leading provider of virtual cardiac rehabilitation and prevention, announced that it is launching single sign on authentication for its entire software platform.
π΄ Preparing for the Effects Of Quantum-Centric Supercomputing π΄
π Read
via "Dark Reading".
While it has been a perennial forecast that efficient universal quantum computers are βa decade away,β that prospect now seems a legitimate possibility. Organizations need to get ready now.π Read
via "Dark Reading".
Dark Reading
Preparing for the Effects of Quantum-Centric Supercomputing
While it has been a perennial forecast that efficient universal quantum computers are βa decade away,β that prospect now seems a legitimate possibility. Organizations need to get ready now.
π1
βΌ CVE-2022-4422 βΌ
π Read
via "National Vulnerability Database".
This issue affects: Bulutses Bilgi Teknolojileri LTD. Γβ¦Γ
ΒΎTΓβΓΒ°. BULUTDESK CALLCENTER versions prior to 3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46610 βΌ
π Read
via "National Vulnerability Database".
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3792 βΌ
π Read
via "National Vulnerability Database".
This issue affects: Terminal Operating System versions before 5.0.13π Read
via "National Vulnerability Database".
β CircleCI β code-building service suffers total credential compromise β
π Read
via "Naked Security".
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Popular JWT cloud security library patches βremoteβ code execution hole β
π Read
via "Naked Security".
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.π Read
via "Naked Security".
Naked Security
Popular JWT cloud security library patches βremoteβ code execution hole
Itβs remotely triggerable, but attackers would already have pretty deep network access if they could βprimeβ your server for compromise.
π1
βΌ CVE-2023-0162 βΌ
π Read
via "National Vulnerability Database".
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4703 βΌ
π Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4710 βΌ
π Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4711 βΌ
π Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47083 βΌ
π Read
via "National Vulnerability Database".
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.π Read
via "National Vulnerability Database".