‼ CVE-2022-42455 ‼
via "National Vulnerability Database".
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
‼ CVE-2023-0850 ‼
via "National Vulnerability Database".
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.
‼ CVE-2022-45546 ‼
via "National Vulnerability Database".
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.
‼ CVE-2022-38867 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.
‼ CVE-2021-34117 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
‼ CVE-2023-0849 ‼
via "National Vulnerability Database".
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.
‼ CVE-2022-38935 ‼
via "National Vulnerability Database".
An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.
‼ CVE-2020-21120 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers to execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.
‼ CVE-2020-19825 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.
‼ CVE-2021-33925 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login.
‼ CVE-2021-38239 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
‼ CVE-2021-33304 ‼
via "National Vulnerability Database".
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.
🕴 Oligo Security Takes Aim at Open Source Vulnerabilities 🕴
via "Dark Reading".
The startup's software helps organizations secure their containers in the cloud by teasing out which packages are running and which are vulnerable.
🕴 Descope Handles Authentication So Developers Don't Have To 🕴
via "Dark Reading".
Developers don't have to build authentication and user management from scratch, and can devote their energies to the core functions of the application, instead.
‼ CVE-2023-0860 ‼
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.
‼ CVE-2023-0861 ‼
via "National Vulnerability Database".
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101.
‼ CVE-2023-0568 ‼
via "National Vulnerability Database".
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification.
‼ CVE-2023-0862 ‼
via "National Vulnerability Database".
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101.
‼ CVE-2023-0662 ‼
via "National Vulnerability Database".
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
‼ CVE-2022-43969 ‼
via "National Vulnerability Database".
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
‼ CVE-2022-38731 ‼
via "National Vulnerability Database".
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attacker's machine.