Git security audit reveals critical overflow bugs
via "The Daily Swig".
Uncovered vulnerabilities include several high, medium, and low-security issues
TOR Virtual Network Tunneling Tool 0.4.7.13
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
CVE-2022-48125
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48121
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
CVE-2022-43959
via "National Vulnerability Database".
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
CVE-2022-48124
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48123
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
CVE-2022-41441
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
CVE-2022-48122
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
CVE-2022-48126
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
S3 Ep118: Guess your password? No need if it's stolen already! [Audio + Text]
via "Naked Security".
As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...
T-Mobile admits to 37,000,000 customer records stolen by "bad actor"
via "Naked Security".
Once more, it's time for Shakespeare's words: Once more unto the breach...
CVE-2021-26642
via "National Vulnerability Database".
When uploading an image file to a bulletin board developed with XpressEngine, an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
CVE-2022-38112
via "National Vulnerability Database".
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVE-2022-27915
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
CVE-2021-26644
via "National Vulnerability Database".
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
CVE-2022-38110
via "National Vulnerability Database".
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVE-2022-27916
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
CVE-2023-22912
via "National Vulnerability Database".
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
CVE-2022-25631
via "National Vulnerability Database".
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
CVE-2022-27917
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.