βΌ CVE-2022-42280 βΌ
π Read
via "National Vulnerability Database".
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48256 βΌ
π Read
via "National Vulnerability Database".
Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42274 βΌ
π Read
via "National Vulnerability Database".
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21191 βΌ
π Read
via "National Vulnerability Database".
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42277 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0287 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π tcpdump 4.99.3 π
π Read
via "Packet Storm Security".
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.π Read
via "Packet Storm Security".
Packetstormsecurity
tcpdump 4.99.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β€1
β S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text] β
π Read
via "Naked Security".
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)π Read
via "Naked Security".
Naked Security
S3 Ep117: The crypto crisis that wasnβt (and farewell forever to Win 7) [Audio + Text]
Tell us in the commentsβ¦ Whatβs the REAL reason there was no Windows 9? (No theory too far-fetched!)
π1
βΌ CVE-2023-0288 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0289 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0221 βΌ
π Read
via "National Vulnerability Database".
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22494 βΌ
π Read
via "National Vulnerability Database".
a12nserver is an open source lightweight OAuth2 server. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. The knex dependency has been updated to 2.4.0 in a12nserver 0.23.0. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22493 βΌ
π Read
via "National Vulnerability Database".
RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.π Read
via "National Vulnerability Database".
ποΈ Deserialized web security roundup β Slack, Okta security breaches, lax US government passwords report, and more ποΈ
π Read
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity newsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Deserialized web security roundup β Slack and Okta breaches, lax US government passwords report, and more
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
βΌ CVE-2009-10001 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4312 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2009-10002 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42136 βΌ
π Read
via "National Vulnerability Database".
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21599 βΌ
π Read
via "National Vulnerability Database".
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21596 βΌ
π Read
via "National Vulnerability Database".
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36204 βΌ
π Read
via "National Vulnerability Database".
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.π Read
via "National Vulnerability Database".