‼ CVE-2022-40347 ‼
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in the 'phone', 'email', 'deptType' and 'name' parameters allows attackers to execute arbitrary code and gain sensitive information.
📖 Read via "National Vulnerability Database".
🕴 AppSec Threats Deserve Their Own Incident Response Plan 🕴
With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.
📖 Read via "Dark Reading".
🗓️ HTTP request smuggling bug patched in HAProxy 🗓️
Exploitation could enable attackers to access backend servers.
📖 Read via "The Daily Swig".
🛠 Faraday 4.3.3 🛠
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.
📖 Read via "Packet Storm Security".
‼ CVE-2022-47986 ‼
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
📖 Read via "National Vulnerability Database".
‼ CVE-2023-24329 ‼
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
📖 Read via "National Vulnerability Database".
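The blank-character bypass above, as an added example (not code from CPython or from the NVD entry): a scheme blocklist that trusts what `urlsplit()` reports is compared with a check that normalises the input itself and allowlists schemes. `naive_is_blocked` behaves differently on patched and unpatched interpreters (an unpatched `urlsplit(" file:///etc/passwd")` reports an empty scheme, so the blocklist never fires, while a forgiving HTTP client downstream trims the space and fetches the file URL); `hardened_is_blocked` gives the same answer on either. The scheme sets, function names and sample URLs are assumptions for illustration.

```python
"""Leading blank characters vs. a URL-scheme blocklist (CVE-2023-24329 pattern)."""
import urllib.parse

# Assumed policy for the example: a denylist as used by the vulnerable idiom,
# and the allowlist the hardened check uses instead.
BLOCKED_SCHEMES = {"file", "ftp", "gopher", "javascript", "data"}
ALLOWED_SCHEMES = {"http", "https"}

# WHATWG "C0 control or space": U+0000..U+0020. Patched urlsplit() strips these
# from both ends; unpatched versions leave them in place, so the scheme is hidden.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def _strip_c0_and_space(url: str) -> str:
    """Normalise the way a forgiving client would before it acts on the URL."""
    return url.strip(_C0_AND_SPACE)


def scheme_seen_by_urlsplit(url: str) -> str:
    """What this interpreter's urlsplit() reports, for side-by-side display."""
    return urllib.parse.urlsplit(url).scheme


def naive_is_blocked(url: str) -> bool:
    """Pre-fix idiom: trust whatever scheme urlsplit() reports.

    Result depends on the interpreter: on an unpatched Python a leading space
    yields scheme == "" and the blocklist is bypassed.
    """
    return scheme_seen_by_urlsplit(url).lower() in BLOCKED_SCHEMES


def hardened_is_blocked(url: str) -> bool:
    """Version-independent check: normalise first, then allowlist.

    1. Strip leading/trailing C0 controls and spaces ourselves, so the scheme
       we inspect is the one a lenient client will actually use.
    2. Require an explicit scheme from a short allowlist and a non-empty host;
       scheme-less input is denied rather than treated as "not on the list".
    """
    parts = urllib.parse.urlsplit(_strip_c0_and_space(url))
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return True
    if not parts.netloc:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: a benign URL and blocklist-evading variants.
    samples = [
        "https://example.com/report",
        " file:///etc/passwd",
        "\tFILE:///etc/passwd",
        "\x00\x01javascript:alert(1)",
        "example.com/path",
    ]
    for u in samples:
        print(f"{u!r:32} urlsplit scheme={scheme_seen_by_urlsplit(u)!r:13} "
              f"naive_blocked={naive_is_blocked(u)!s:5} "
              f"hardened_blocked={hardened_is_blocked(u)}")
```

Run it on an interpreter from before the fix and the `naive_blocked` column shows `False` for the space-prefixed `file:` URL; on a patched one it shows `True`. The hardened column does not move, which is the property a filter should have when it cannot pin the runtime version of every host it ships to.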
‼ CVE-2022-45701 ‼
Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature.
📖 Read via "National Vulnerability Database".
‼ CVE-2020-29168 ‼
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
📖 Read via "National Vulnerability Database".
‼ CVE-2023-23007 ‼
An issue was discovered in ESPCMS P8.21120101: after logging in to the backend, there is a SQL injection vulnerability in the function node where members are added.
📖 Read via "National Vulnerability Database".
‼ CVE-2023-24388 ‼
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin form actions (create, duplicate, edit, delete).
📖 Read via "National Vulnerability Database".
‼ CVE-2023-23899 ‼
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
📖 Read via "National Vulnerability Database".
🕴 Massive GoAnywhere RCE Exploit: Everything You Need to Know 🕴
Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.
📖 Read via "Dark Reading".
‼ CVE-2021-32441 ‼
SQL Injection vulnerability in Exponent-CMS v.2.6.0, fixed in 2.7.0, allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
📖 Read via "National Vulnerability Database".
‼ CVE-2023-0822 ‼
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-43927 ‼
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
📖 Read via "National Vulnerability Database".
‼ CVE-2021-3172 ‼
An issue in Php-Fusion v9.03.90, fixed in v9.10.00, allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.
📖 Read via "National Vulnerability Database".
‼ CVE-2023-24369 ‼
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the URL parameter under the Add New Articles function.
📖 Read via "National Vulnerability Database".
‼ CVE-2021-34164 ‼
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows an authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.
📖 Read via "National Vulnerability Database".
‼ CVE-2020-19824 ‼
An issue in MPV v.0.29.1, fixed in v0.30, allows attackers to execute arbitrary code and crash the program via the ao_c parameter.
📖 Read via "National Vulnerability Database".
‼ CVE-2021-33948 ‼
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows an attacker to execute arbitrary code via the username parameter.
📖 Read via "National Vulnerability Database".
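Five of the entries on this page (CVE-2022-40347, CVE-2020-29168, CVE-2023-23007, CVE-2021-32441 and CVE-2021-33948) are the same bug: a request parameter such as `q` or `username` spliced into a SQL string. The following is an added example, not code from any of those products, showing the vulnerable idiom beside the parameterised form on a constructed in-memory SQLite table, with a tautology payload that dumps every row and a UNION payload that reads schema from `sqlite_master`. The table layout, function names and sample rows are assumptions made for the illustration.

```python
"""String-built SQL beside a parameterised query (SQLite, constructed data)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email, role) VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.test", "admin"),
            ("bob", "bob@example.test", "user"),
            ("carol", "carol@example.test", "user"),
        ],
    )
    return conn


def get_user_vulnerable(conn: sqlite3.Connection, q: str) -> list:
    """The 'q parameter' anti-pattern: the request value becomes part of the SQL text.

    A single quote in q closes the string literal, and whatever follows is
    executed as SQL with the application's database privileges.
    """
    sql = "SELECT username, email, role FROM users WHERE username = '" + q + "'"
    return conn.execute(sql).fetchall()


def get_user_safe(conn: sqlite3.Connection, q: str) -> list:
    """Parameterised form: q is bound as data, so quotes inside it stay inside the value."""
    sql = "SELECT username, email, role FROM users WHERE username = ?"
    return conn.execute(sql, (q,)).fetchall()


# Constructed attacker inputs.
TAUTOLOGY = "' OR '1'='1"
# Three columns to match the SELECT; the trailing comment swallows the closing quote.
UNION_SCHEMA = "' UNION SELECT name, sql, type FROM sqlite_master --"


def demo() -> dict:
    """Run both query styles against both payloads; returns row counts for comparison."""
    conn = make_db()
    return {
        "vuln_tautology_rows": len(get_user_vulnerable(conn, TAUTOLOGY)),
        "safe_tautology_rows": len(get_user_safe(conn, TAUTOLOGY)),
        "vuln_union_rows": len(get_user_vulnerable(conn, UNION_SCHEMA)),
        "safe_union_rows": len(get_user_safe(conn, UNION_SCHEMA)),
    }


if __name__ == "__main__":
    db = make_db()
    print("legit lookup     :", get_user_vulnerable(db, "bob"))
    print("tautology (vuln) :", get_user_vulnerable(db, TAUTOLOGY))
    print("tautology (safe) :", get_user_safe(db, TAUTOLOGY))
    print("union (vuln)     :", get_user_vulnerable(db, UNION_SCHEMA))
    print("union (safe)     :", get_user_safe(db, UNION_SCHEMA))
```

The UNION row is what turns "gain sensitive information" in these advisories into a concrete step: once the attacker can read `sqlite_master` (or `information_schema` on MySQL and PostgreSQL) they know the table and column names to pull next. The parameterised version returns nothing for either payload because the whole string, quote included, is matched against `username` as a value.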
‼ CVE-2022-20803 ‼
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
📖 Read via "National Vulnerability Database".