β OpenSSH fixes double-free memory bug thatβs pokable over the network β
π Read
via "Naked Security".
It's a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code...π Read
via "Naked Security".
Naked Security
OpenSSH fixes double-free memory bug thatβs pokable over the network
Itβs a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct codeβ¦
βΌ CVE-2021-36226 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36225 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44343 βΌ
π Read
via "National Vulnerability Database".
CRMEB 4.4.4 is vulnerable to Any File download.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29416 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36224 βΌ
π Read
via "National Vulnerability Database".
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27628 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone Γ’β¬β Lite Version plugin 3.1 Lite versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48085 βΌ
π Read
via "National Vulnerability Database".
Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-0679 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48164 βΌ
π Read
via "National Vulnerability Database".
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45722 βΌ
π Read
via "National Vulnerability Database".
ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
β Finnish psychotherapy extortion suspect arrested in France β
π Read
via "Naked Security".
Company transcribed ultra-personal conversations, didn't secure them. Criminal stole them, then extorted thousands of vulnerable patients.π Read
via "Naked Security".
Naked Security
Finnish psychotherapy extortion suspect arrested in France
Company transcribed ultra-personal conversations, didnβt secure them. Criminal stole them, then extorted thousands of vulnerable patients.
ποΈ Google engineers plot to mitigate prototype pollution ποΈ
π Read
via "The Daily Swig".
Plan to create boundary between JavaScript objects and their blueprints gathers momentumπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google engineers plot to mitigate prototype pollution
Plan to create boundary between JavaScript objects and their blueprints gathers momentum
π GNUnet P2P Framework 0.19.3 π
π Read
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read
via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.19.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-24200 βΌ
π Read
via "National Vulnerability Database".
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24192 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48078 βΌ
π Read
via "National Vulnerability Database".
pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24198 βΌ
π Read
via "National Vulnerability Database".
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24197 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24202 βΌ
π Read
via "National Vulnerability Database".
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24194 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.π Read
via "National Vulnerability Database".
π1