ποΈ Popular password managers auto-filled credentials on untrusted websites ποΈ
π Read
via "The Daily Swig".
Dashlane, Bitwarden, and Safari all cited by Google researchersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Popular password managers auto-filled credentials on untrusted websites
Dashlane, Bitwarden, and Safari all cited by Google researchers
π2
βΌ CVE-2021-37499 βΌ
π Read
via "National Vulnerability Database".
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37500 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37498 βΌ
π Read
via "National Vulnerability Database".
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.π Read
via "National Vulnerability Database".
ποΈ Git security audit reveals critical overflow bugs ποΈ
π Read
via "The Daily Swig".
Uncovered vulnerabilities include several high, medium, and low-security issuesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Git security audit reveals critical overflow bugs
Uncovered vulnerabilities include several high, medium, and low-security issues
π TOR Virtual Network Tunneling Tool 0.4.7.13 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.7.13 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π3
βΌ CVE-2022-48125 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48121 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43959 βΌ
π Read
via "National Vulnerability Database".
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48124 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48123 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41441 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48122 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48126 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.π Read
via "National Vulnerability Database".
β S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text] β
π Read
via "Naked Security".
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...π Read
via "Naked Security".
Naked Security
S3 Ep118: Guess your password? No need if itβs stolen already! [Audio + Text]
As always: entertaining, informative and educationalβ¦ and not bogged down with jargon! Listen (or read) nowβ¦
β T-Mobile admits to 37,000,000 customer records stolen by βbad actorβ β
π Read
via "Naked Security".
Once more, it's time for Shakespeare's words: Once more unto the breach...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π€―1
βΌ CVE-2021-26642 βΌ
π Read
via "National Vulnerability Database".
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38112 βΌ
π Read
via "National Vulnerability Database".
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27915 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26644 βΌ
π Read
via "National Vulnerability Database".
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38110 βΌ
π Read
via "National Vulnerability Database".
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.π Read
via "National Vulnerability Database".