CVE-2022-48362 (via "National Vulnerability Database")
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)
CVE-2023-26091 (via "National Vulnerability Database")
The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.
CVE-2019-25105 (via "National Vulnerability Database")
A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning, so information about affected and unaffected releases is unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763.
CVE-2021-3329 (via "National Vulnerability Database")
Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack.
CVE-2023-1048 (via "National Vulnerability Database")
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.
CVE-2023-1043 (via "National Vulnerability Database")
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.
CVE-2023-1045 (via "National Vulnerability Database")
A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.
CVE-2023-1046 (via "National Vulnerability Database")
A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability.
CVE-2023-1042 (via "National Vulnerability Database")
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.
CVE-2023-1044 (via "National Vulnerability Database")
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803.
CVE-2023-1047 (via "National Vulnerability Database")
A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.
CVE-2023-26602 (via "National Vulnerability Database")
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
CVE-2022-48363 (via "National Vulnerability Database")
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
CVE-2023-26606 (via "National Vulnerability Database")
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
CVE-2023-26605 (via "National Vulnerability Database")
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.
CVE-2023-26607 (via "National Vulnerability Database")
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
Beware rogue 2FA apps in App Store and Google Play – don't get hacked! (via "Naked Security")
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
When Low-Tech Hacks Cause High-Impact Breaches (via "Krebs on Security")
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it's worth revisiting how this group typically got into targeted companies: by calling employees and tricking them into navigating to a phishing website.
CVE-2023-26609 (via "National Vulnerability Database")
ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.
CVE-2023-26257 (via "National Vulnerability Database")
An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
CVE-2022-31405 (via "National Vulnerability Database")
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.