βΌ CVE-2022-45788 βΌ
π Read
via "National Vulnerability Database".
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxureΓ’βΒ’ Control Expert (All Versions), EcoStruxureΓ’βΒ’ Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum Unity M1E Processor (171CBU*) (All Versions), Modicon MC80 (BMKC80) (All Versions), Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2023-0240 βΌ
π Read
via "National Vulnerability Database".
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161.π Read
via "National Vulnerability Database".
β Hive ransomware servers shut down at last, says FBI β
π Read
via "Naked Security".
Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Proxmark3 4.16191 Custom Firmware π
π Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.π Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark3 4.16191 Custom Firmware β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenStego Free Steganography Solution 0.8.6 π
π Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).π Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-26872 βΌ
π Read
via "National Vulnerability Database".
AMI Megarac Password reset interception via APIπ Read
via "National Vulnerability Database".
βΌ CVE-2022-46087 βΌ
π Read
via "National Vulnerability Database".
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23334 βΌ
π Read
via "National Vulnerability Database".
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0581 βΌ
π Read
via "National Vulnerability Database".
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0512 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.π Read
via "National Vulnerability Database".
β Serious Security: The Samba logon bug caused by outdated crypto β
π Read
via "Naked Security".
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!π Read
via "Naked Security".
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
βΌ CVE-2023-24830 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48006 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4472 βΌ
π Read
via "National Vulnerability Database".
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34888 βΌ
π Read
via "National Vulnerability Database".
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32513 βΌ
π Read
via "National Vulnerability Database".
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32516 βΌ
π Read
via "National Vulnerability Database".
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause systemΓ’β¬β’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32522 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-0223 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32526 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32517 βΌ
π Read
via "National Vulnerability Database".
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".