βΌ CVE-2022-48324 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) pesquisa, (2) data, (3) data2, (4) nome, (5) descricao, (6) idDocumentos, (7) id in file application/controllers/Arquivos.php; (8) senha, (9) nomeCliente, (10) contato, (11) documento, (12) telefone, (13) celular, (14) email, (15) rua, (16) numero, (17) complemento, (18) bairro, (19) cidade, (20) estado, (21) cep, (22) idClientes, (23) id in file application/controllers/Clientes.php; (24) id, (25) tipo, (26) forma_pagamento, (27) gateway_de_pagamento, (28) excluir_id, (29) confirma_id, (30) cancela_id in file application/controllers/Cobrancas.php; (31) vencimento_de, (32) vencimento_ate, (33) cliente, (34) tipo, (35) status, (36) valor_desconto, (37) desconto, (38) periodo, (39) per_page, (40) urlAtual, (41) vencimento, (42) recebimento, (43) valor, (44) recebido, (45) formaPgto, (46) desconto_parc, (47) entrada, (48) qtdparcelas_parc, (49) valor_parc, (50) dia_pgto, (51) dia_base_pgto, (52) comissao, (53) descricao_parc, (54) cliente_parc, (55) observacoes_parc, (56) formaPgto_parc, (57) tipo_parc, (58) pagamento, (59) pago, (60) valor_desconto_editar, (61) descricao, (62) fornecedor, (63) observacoes, (64) id in file application/controllers/Financeiro.php; (65) refGarantia, (66) textoGarantia, (67) idGarantias in file application/controllers/Garantias.php; (68) email, (69) senha in file application/controllers/Login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22380 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23980 βΌ
π Read
via "National Vulnerability Database".
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48327 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) dataInicial, (2) dataFinal, (3) tipocliente, (4) format, (5) precoInicial, (6) precoFinal, (7) estoqueInicial, (8) estoqueFinal, (9) de_id, (10) ate_id, (11) clientes_id, (12) origem, (13) cliente, (14) responsavel, (15) status, (16) tipo, (17) situacao in file application/controllers/Relatorios.php; (18) preco, (19) nome, (20) descricao, (21) idServicos, (22) id in file application/controllers/Servicos.php; (23) senha, (24) permissoes_id, (25) idUsuarios, (26) situacao, (27) nome, (28) rg, (29) cpf, (30) cep, (31) rua, (32) numero, (33) bairro, (34) cidade, (35) estado, (36) email, (37) telefone, (38) celular in file application/controllers/Usuarios.php; (39) dataVenda, (40) observacoes, (41) observacoes_cliente, (42) clientes_id, (43) usuarios_id, (44) idVendas, (45) id, (46) idVendasProduto, (47) preco, (48) quantidade, (49) idProduto, (50) produto, (51) desconto, (52) tipoDesconto, (53) resultado, (54) vendas_id, (55) vencimento, (56) recebimento, (57) valor, (58) recebido, (59) formaPgto, (60) tipo in file application/controllers/Vendas.php; (61) situacao, (62) periodo, (63) vencimento_de, (64) vencimento_ate, (65) tipo, (66) status, (67) cliente in file application/views/financeiro/lancamentos.php; (68) year in file application/views/mapos/painel.php; (69) pesquisa in file application/views/os/os.php; (70) etiquetaCode in file application/views/relatorios/imprimir/imprimirEtiquetas.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44299 βΌ
π Read
via "National Vulnerability Database".
SiteServerCMS 7.1.3 sscms has a file read vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24219 βΌ
π Read
via "National Vulnerability Database".
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24220 βΌ
π Read
via "National Vulnerability Database".
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0887 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0882 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse.This issue affects Single Connect: 2.16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24078 βΌ
π Read
via "National Vulnerability Database".
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0883 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23695 βΌ
π Read
via "National Vulnerability Database".
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24221 βΌ
π Read
via "National Vulnerability Database".
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.π Read
via "National Vulnerability Database".
β S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
Latest episode β listen now! (Full transcript inside.)
βΌ CVE-2022-32972 βΌ
π Read
via "National Vulnerability Database".
Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23586 βΌ
π Read
via "National Vulnerability Database".
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uringπ Read
via "National Vulnerability Database".
βΌ CVE-2022-40032 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40347 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.π Read
via "National Vulnerability Database".
π΄ AppSec Threats Deserve Their Own Incident Response Plan π΄
π Read
via "Dark Reading".
With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.π Read
via "Dark Reading".
Dark Reading
AppSec Threats Deserve Their Own Incident Response Plan
With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.
ποΈ HTTP request smuggling bug patched in HAProxy ποΈ
π Read
via "The Daily Swig".
Exploitation could enable attackers to access backend serversπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
π1
π Faraday 4.3.3 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 4.3.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers