βΌ CVE-2022-41328 βΌ
π Read
via "National Vulnerability Database".
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45861 βΌ
π Read
via "National Vulnerability Database".
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46257 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41333 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27475 βΌ
π Read
via "National Vulnerability Database".
Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25230 βΌ
π Read
via "National Vulnerability Database".
loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2022-39951 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39953 βΌ
π Read
via "National Vulnerability Database".
A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22297 βΌ
π Read
via "National Vulnerability Database".
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27490 βΌ
π Read
via "National Vulnerability Database".
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24775 βΌ
π Read
via "National Vulnerability Database".
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1257 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the deviceΓ’β¬β’s authentication files to create a new user and gain full access to the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41329 βΌ
π Read
via "National Vulnerability Database".
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.π Read
via "National Vulnerability Database".
π΄ Hacker Cracks Toyota Customer Search Tool π΄
π Read
via "Dark Reading".
Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says.π Read
via "Dark Reading".
Dark Reading
Hacker Cracks Toyota Customer Search Tool
Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says.
π΄ Acer Confirms Data Offered Up for Sale Was Stolen π΄
π Read
via "Dark Reading".
An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.π Read
via "Dark Reading".
Dark Reading
Acer Confirms Data Offered Up for Sale Was Stolen
An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.
π΄ Hiatus Campaign Infects DrayTek Gear for Cyber Espionage, Proxy Control π΄
π Read
via "Dark Reading".
Two novel malware binaries, including "HiatusRAT," offer unique capabilities that point to the need for better security for companies' router infrastructure.π Read
via "Dark Reading".
Dark Reading
Hiatus Campaign Infects DrayTek Routers for Cyber Espionage, Proxy Control
Two novel malware binaries, including "HiatusRAT," offer unique capabilities that point to the need for better security for companies' router infrastructure.
βΌ CVE-2023-27481 βΌ
π Read
via "National Vulnerability Database".
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the `_starts_with` or other string operator in version 9.16.0. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27479 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `<xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `<xwiki-host>` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27485 βΌ
π Read
via "National Vulnerability Database".
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27480 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1003 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.π Read
via "National Vulnerability Database".