🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-46367 ‼

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.

via "National Vulnerability Database".
⚠ Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches ⚠

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...

via "Naked Security".
⚠ S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text] ⚠

Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

via "Naked Security".
‼ CVE-2022-43591 ‼

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-0254 ‼

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

via "National Vulnerability Database".
‼ CVE-2023-0247 ‼

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

via "National Vulnerability Database".
‼ CVE-2022-40983 ‼

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-3977 ‼

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user calls the DROPTAG ioctl at the same time as a socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.

via "National Vulnerability Database".
‼ CVE-2022-3628 ‼

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

via "National Vulnerability Database".
‼ CVE-2023-23456 ‼

A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in the p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.

via "National Vulnerability Database".
‼ CVE-2023-23457 ‼

A segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. A crafted input file allows an attacker to trigger an invalid memory address access that could lead to a denial of service.

via "National Vulnerability Database".
‼ CVE-2022-4743 ‼

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.

via "National Vulnerability Database".
‼ CVE-2022-4842 ‼

A NULL pointer dereference flaw was found in the Linux kernel NTFS3 driver function attr_punch_hole(). A local user could use this flaw to crash the system.

via "National Vulnerability Database".
‼ CVE-2023-22488 ‼

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this, as they are listed based on a visibility check; however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.

via "National Vulnerability Database".
‼ CVE-2022-3145 ‼

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

via "National Vulnerability Database".
‼ CVE-2022-45729 ‼

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.

via "National Vulnerability Database".
‼ CVE-2017-5242 ‼

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

via "National Vulnerability Database".
‼ CVE-2022-47102 ‼

A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

via "National Vulnerability Database".
‼ CVE-2022-45728 ‼

Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-46472 ‼

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete.

via "National Vulnerability Database".
‼ CVE-2023-0257 ‼

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.

via "National Vulnerability Database".