βΌ CVE-2020-22007 βΌ
π Read
via "National Vulnerability Database".
OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.π Read
via "National Vulnerability Database".
ποΈ WAGO fixes config export flaw threatening data leak from industrial devices ποΈ
π Read
via "The Daily Swig".
Severity somewhat blunted by reboot-related caveatπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
WAGO fixes config export flaw threatening data leak from industrial devices
Severity somewhat blunted by reboot-related caveat
βΌ CVE-2012-10006 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0385 βΌ
π Read
via "National Vulnerability Database".
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46505 βΌ
π Read
via "National Vulnerability Database".
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.π Read
via "National Vulnerability Database".
βΌ CVE-2011-10001 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The name of the patch is d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45103 βΌ
π Read
via "National Vulnerability Database".
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4314 βΌ
π Read
via "National Vulnerability Database".
It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesnΓ’β¬β’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isnΓ’β¬β’t. ItΓ’β¬β’s possible to use this to persuade the southbound service that different user is authenticated.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47881 βΌ
π Read
via "National Vulnerability Database".
Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20172 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The name of the patch is 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20173 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218492.π Read
via "National Vulnerability Database".
β Serious Security: Unravelling the LifeLock βhacked passwordsβ story β
π Read
via "Naked Security".
Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-21601 βΌ
π Read
via "National Vulnerability Database".
Adobe Dimension version 3.4.6 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21603 βΌ
π Read
via "National Vulnerability Database".
Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45613 βΌ
π Read
via "National Vulnerability Database".
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22809 βΌ
π Read
via "National Vulnerability Database".
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47950 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).π Read
via "National Vulnerability Database".
βΌ CVE-2022-47966 βΌ
π Read
via "National Vulnerability Database".
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3100 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21605 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35326 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value.π Read
via "National Vulnerability Database".