‼ CVE-2023-22339 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22373 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22331 ‼
📖 Read
via "National Vulnerability Database".
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0410 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22334 ‼
📖 Read
via "National Vulnerability Database".
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.📖 Read
via "National Vulnerability Database".
👎1
‼ CVE-2023-20020 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23596 ‼
📖 Read
via "National Vulnerability Database".
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5.📖 Read
via "National Vulnerability Database".
🗓️ Popular password managers auto-filled credentials on untrusted websites 🗓️
📖 Read
via "The Daily Swig".
Dashlane, Bitwarden, and Safari all cited by Google researchers📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Popular password managers auto-filled credentials on untrusted websites
Dashlane, Bitwarden, and Safari all cited by Google researchers
👍2
‼ CVE-2021-37499 ‼
📖 Read
via "National Vulnerability Database".
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37500 ‼
📖 Read
via "National Vulnerability Database".
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37498 ‼
📖 Read
via "National Vulnerability Database".
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.📖 Read
via "National Vulnerability Database".
🗓️ Git security audit reveals critical overflow bugs 🗓️
📖 Read
via "The Daily Swig".
Uncovered vulnerabilities include several high, medium, and low-security issues📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Git security audit reveals critical overflow bugs
Uncovered vulnerabilities include several high, medium, and low-security issues
🛠 TOR Virtual Network Tunneling Tool 0.4.7.13 🛠
📖 Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.7.13 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
👍3
‼ CVE-2022-48125 ‼
📖 Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48121 ‼
📖 Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43959 ‼
📖 Read
via "National Vulnerability Database".
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48124 ‼
📖 Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48123 ‼
📖 Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41441 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48122 ‼
📖 Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48126 ‼
📖 Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.📖 Read
via "National Vulnerability Database".