‼ CVE-2022-48585 ‼
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39000 ‼
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path.
via "National Vulnerability Database".
‼ CVE-2022-48596 ‼
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39008 ‼
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.
via "National Vulnerability Database".
‼ CVE-2022-48589 ‼
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39002 ‼
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
via "National Vulnerability Database".
‼ CVE-2022-48593 ‼
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48595 ‼
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48591 ‼
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48580 ‼
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2022-48598 ‼
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-38999 ‼
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
via "National Vulnerability Database".
‼ CVE-2023-39004 ‼
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
via "National Vulnerability Database".
‼ CVE-2022-48599 ‼
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48592 ‼
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39007 ‼
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.
via "National Vulnerability Database".
‼ CVE-2023-38998 ‼
An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
via "National Vulnerability Database".
🕴 It's Time for Cybersecurity to Talk About Climate Change 🕴
From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.
via "Dark Reading".
🕴 New LLM Tool Seeks and Remediates Vulnerabilities 🕴
At Black Hat USA 2023, Vicarius launched vuln_GPT, which it says will generate and execute scripts to ameliorate flaws such as the TETRA backdoor.
via "Dark Reading".
🕴 Researchers Detail Vuln That Allowed for Windows Defender Update Process Hijack 🕴
A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.
via "Dark Reading" (article title: "Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR").
🕴 Black Hat Opens With Call to Steer AI from Predictions to Policy 🕴
Without cybersecurity guardrails now, AI will be harder to harness in the future.
via "Dark Reading".