βΌ CVE-2023-0398 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125083 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4892 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10070 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The name of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2013-10014 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0397 βΌ
π Read
via "National Vulnerability Database".
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23690 βΌ
π Read
via "National Vulnerability Database".
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3738 βΌ
π Read
via "National Vulnerability Database".
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37774 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
β S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text] β
π Read
via "Naked Security".
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...π Read
via "Naked Security".
Naked Security
S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text]
As always: entertaining, informative and educationalβ¦ and not bogged down with jargon! Listen (or read) nowβ¦
β€1
π Wireshark Analyzer 4.0.3 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 4.0.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects ποΈ
π Read
via "The Daily Swig".
Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstationsπ Read
via "The Daily Swig".
βΌ CVE-2020-25679 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47195 βΌ
π Read
via "National Vulnerability Database".
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `facebook` field for a user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-10692 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40697 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com Γ’β¬β Asesor de Cookies para normativa espaΓΒ±ola plugin <= 3.4.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39167 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.π Read
via "National Vulnerability Database".
βΌ CVE-2020-10764 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25714 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47745 βΌ
π Read
via "National Vulnerability Database".
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47197 βΌ
π Read
via "National Vulnerability Database".
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post.π Read
via "National Vulnerability Database".