CVE-2022-31901 (via National Vulnerability Database)
Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files.
CVE-2022-46476 (via National Vulnerability Database)
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
New T-Mobile Breach Affects 37 Million Accounts (via Krebs on Security)
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.
CVE-2023-22339 (via National Vulnerability Database)
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
CVE-2023-22373 (via National Vulnerability Database)
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain sensitive information.
CVE-2023-22331 (via National Vulnerability Database)
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
CVE-2023-0410 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.
CVE-2023-22334 (via National Vulnerability Database)
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.
CVE-2023-20020 (via National Vulnerability Database)
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.
CVE-2023-23596 (via National Vulnerability Database)
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5.
Popular password managers auto-filled credentials on untrusted websites (via The Daily Swig)
Dashlane, Bitwarden, and Safari all cited by Google researchers.
CVE-2021-37499 (via National Vulnerability Database)
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in the View License Result function, that allows remote attackers to inject arbitrary HTTP headers.
CVE-2021-37500 (via National Vulnerability Database)
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the server.
CVE-2021-37498 (via National Vulnerability Database)
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers and conduct port scans via the actserver parameter in the License Activation function.
Git security audit reveals critical overflow bugs (via The Daily Swig)
Uncovered vulnerabilities include several high, medium, and low-severity issues.
TOR Virtual Network Tunneling Tool 0.4.7.13 (via Packet Storm Security)
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
CVE-2022-48125 (via National Vulnerability Database)
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48121 (via National Vulnerability Database)
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
CVE-2022-43959 (via National Vulnerability Database)
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
CVE-2022-48124 (via National Vulnerability Database)
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48123 (via National Vulnerability Database)
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.