🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-41441 ‼

Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.

via "National Vulnerability Database".
‼ CVE-2022-48122 ‼

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.

via "National Vulnerability Database".
‼ CVE-2022-48126 ‼

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.

via "National Vulnerability Database".
⚠ S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text] ⚠

As always: entertaining, informative and educational... and not bogged down with jargon! Listen (or read) now...

via "Naked Security".
⚠ T-Mobile admits to 37,000,000 customer records stolen by “bad actor” ⚠

Once more, it's time for Shakespeare's words: Once more unto the breach...

via "Naked Security".
‼ CVE-2021-26642 ‼

When an image file is uploaded to a bulletin board developed with XpressEngine, insufficient verification of the file allows an arbitrary file to be uploaded. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.

via "National Vulnerability Database".
‼ CVE-2022-38112 ‼

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.

via "National Vulnerability Database".
‼ CVE-2022-27915 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

via "National Vulnerability Database".
‼ CVE-2021-26644 ‼

A SQL injection vulnerability is caused by the lack of verification of input values for the name of the DB table used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.

via "National Vulnerability Database".
‼ CVE-2022-38110 ‼

In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.

via "National Vulnerability Database".
‼ CVE-2022-27916 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-22912 ‼

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.

via "National Vulnerability Database".
‼ CVE-2022-25631 ‼

Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated

via "National Vulnerability Database".
‼ CVE-2022-27917 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-27918 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-23489 ‼

The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.

via "National Vulnerability Database".
‼ CVE-2022-47747 ‼

kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.

via "National Vulnerability Database".
‼ CVE-2023-23488 ‼

The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.

via "National Vulnerability Database".
‼ CVE-2022-47732 ‼

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash. Once cracked, the hash allows login to the Configuration Panel; otherwise, replacing the hash in the archive and restoring it on the device changes the admin password, granting access to the device.

via "National Vulnerability Database".
‼ CVE-2023-22964 ‼

Zoho ManageEngine ServiceDesk Plus MSP through 13003 is vulnerable to authentication bypass due to the unsafe LDAP configuration (issue 1 of 2).

via "National Vulnerability Database".
‼ CVE-2022-43704 ‼

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink (aka SINILINK521) protocol (udp/1024) commands by interfacing directly with the target device. This, in turn, allows an attacker to control the onboard relay without authenticating via the mobile application, which might result in an unacceptable temperature within the target device's physical environment.

via "National Vulnerability Database".