What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-24 07:15:09 | CVE-2022-44748 (lien direct) | A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised. | Vulnerability Guideline | ||
|
2022-11-23 21:15:10 | CVE-2022-41932 (lien direct) | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue. | Guideline | ||
|
2022-11-23 20:15:10 | CVE-2022-41934 (lien direct) | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate. | Guideline | ||
|
2022-11-23 19:15:12 | CVE-2022-41875 (lien direct) | A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`. | Vulnerability Guideline | ||
|
2022-11-23 18:15:12 | CVE-2022-40304 (lien direct) | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | Guideline | ||
|
2022-11-23 18:15:12 | CVE-2022-40771 (lien direct) | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | Guideline | ||
|
2022-11-23 17:15:10 | CVE-2022-38114 (lien direct) | This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | Vulnerability Guideline | ||
|
2022-11-23 03:15:10 | CVE-2022-36337 (lien direct) | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. | Vulnerability Guideline | ||
|
2022-11-23 02:15:09 | CVE-2020-23584 (lien direct) | Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution. | Guideline | ||
|
2022-11-23 02:15:09 | CVE-2022-37772 (lien direct) | Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | Guideline | ||
|
2022-11-23 02:15:09 | CVE-2020-23592 (lien direct) | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. | Vulnerability Guideline | ||
|
2022-11-23 01:15:09 | CVE-2020-23583 (lien direct) | OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system. | Guideline | ||
|
2022-11-23 00:15:11 | CVE-2022-40303 (lien direct) | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | Guideline | ||
 |
2022-11-22 23:47:00 | Anomali Cyber Watch: URI Fragmentation Used to Stealthily Defraud Holiday Shoppers, Lazarus and BillBug Stick to Their Custom Backdoors, Z-Team Turned Ransomware into Wiper, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Phishing, Ransomware, Signed malware, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
DEV-0569 Finds New Ways to Deliver Royal Ransomware, Various Payloads
(published: November 17, 2022)
From August to October, 2022, Microsoft researchers detected new campaigns by a threat group dubbed DEV-0569. For delivery, the group alternated between delivering malicious links by abusing Google Ads for malvertising and by using contact forms on targeted organizations’ public websites. Fake installer files were hosted on typosquatted domains or legitimate repositories (GitHub, OneDrive). First stage was user-downloaded, signed MSI or VHD file (BatLoader malware), leading to second stage payloads such as BumbleBee, Gozi, Royal Ransomware, or Vidar Stealer.
Analyst Comment: DEV-0569 is a dangerous group for its abuse of legitimate services and legitimate certificates. Organizations should consider educating and limiting their users regarding software installation options. Links from alternative incoming messaging such as from contact forms should be treated as thorough as links from incoming email traffic.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Impair Defenses - T1562 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: actor:DEV-0569, detection:Cobalt Strike, detection:Royal, malware-type:Ransomware, file-type:VHD, detection:NSudo, malware-type:Hacktool, detection:IcedID, Google Ads, Keitaro, Traffic distribution system, detection:Gozi, detection:BumbleBee, NirCmd, detection:BatLoader, malware-type:Loader, detection:Vidar, malware-type:Stealer, AnyDesk, GitHub, OneDrive, PowerShell, Phishing, SEO poisoning, TeamViewer, Adobe Flash Player, Zoom, Windows
Highly Sophisticated Phishing Scams Are Abusing Holiday Sentiment
(published: November 16, 2022)
From mid-September 2022, a new phishing campaign targets users in North America with holiday special pretenses. It impersonated a number of major brands including Costco, Delta Airlines, Dick's, and Sam's Club. Akamai researchers analyzed techniques that the underlying sophisticated phishing kit was using. For defense evasion and tracking, the attackers used URI fragmentation. They were placing target-specific tokens after the URL fragment identifier (a hash mark, aka HTML anchor). The value was used by a JavaScript code running on the victim’s browser to reconstruct the redirecting URL.
Analyst Comment: Evasion through URI fragmentation hides the token value from traff |
Ransomware Malware Tool Threat Guideline Medical | APT 38 | ★★★★ |
 |
2022-11-22 23:17:10 | 5 API Vulnerabilities That Get Exploited by Criminals (lien direct) | >Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It's no secret that cyber security has become a leading priority for most organizations - especially those in industries that handle sensitive customer information. And as these businesses work towards building robust […] | Guideline | ★★★ | |
|
2022-11-22 20:15:11 | CVE-2022-41919 (lien direct) | Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf'. | Guideline | ||
|
2022-11-22 19:15:18 | CVE-2022-4116 (lien direct) | A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. | Vulnerability Guideline | ||
|
2022-11-22 16:15:10 | CVE-2022-41952 (lien direct) | Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file. | Guideline | ||
 |
2022-11-22 13:15:35 | Cyberattaque : Proofpoint signale le détournement possible de Nighthawk (lien direct) | En septembre 2022, les chercheurs de la société Proofpoint, l'un des leaders dans les domaines de la cybersécurité et la conformité, ont identifié l'apparition d'un nouveau test d'intrusion appelé Nighthawk. Lancé à la fin de l'année 2021 par MDSec, Nighthawk est un cheval de Troie d'accès à distance (RAT) similaire à d'autres outils tels que Brute Ratel et Cobalt Strike. Comme ces derniers, Nighthawk pourrait rapidement être adopté par les cybercriminels soucieux de diversifier leurs stratégies d'attaque, (...) - Malwares | Guideline | ★★★★ | |
|
2022-11-22 13:15:13 | CVE-2022-3910 (lien direct) | Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 | Vulnerability Guideline | ||
 |
2022-11-22 13:05:40 | Mind the Gap (lien direct) | By Ian Beer, Project Zero Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable. Introduction In June 2022, Project Zero researcher Maddie Stone gave a talk at FirstCon22 titled 0-day In-the-Wild Exploitation in 2022…so far. A key takeaway was that approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities. This finding is consistent with our understanding of attacker behavior: attackers will take the path of least resistance, and as long as vendors don't consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. The presentation discussed an in the wild exploit targeting the Pixel 6 and leveraging CVE-2021-39793, a vulnerability in the ARM Mali GPU driver used by a large number of other Android devices. ARM's advisory described the vulnerability as: Title Mali GPU Kernel Driver may elevate CPU RO pages to writable CVE CVE-2022-22706 (also reported in CVE-2021-39793) Date of issue 6th January 2022 Impact A non-privileged user can get a write access to read-only memory pages [sic]. The week before FirstCon22, Maddie gave an internal preview of her talk. Inspired by the description of an in-the-wild vulnerability in low-level memory management code, fellow Project Zero researcher Jann Horn started auditing the ARM Mali GPU driver. Over the next three weeks, Jann found five more exploitable vulnerabilities (2325, 2327, | Vulnerability Guideline | ||
|
2022-11-22 09:58:32 | Utimaco Expands Collaboration with Microsoft by joining the Microsoft Intelligent Security Association (lien direct) | Utimaco, a leading global provider of IT security solutions, has deepened its relationship with Microsoft, by joining the Microsoft Intelligent Security Association (MISA). The association is an ecosystem of independent software vendors and managed security service providers, of which Utimaco will now be part, which aims to better defend the world against cybersecurity threats by integrating their solutions with Microsoft's security technology. pecifically, Utimaco's DKE (Double Key (...) - Business News | Guideline | ★★ | |
|
2022-11-22 09:52:38 | Le fonds innovation défense investit dans Dust Mobile, premier opérateur mobile de cyberdéfense. (lien direct) | Sébastien Lecornu, ministre des Armées, se félicite de la participation du fonds innovation défense à la levée de capitaux de 12 millions d'euros en faveur de la start-up Dust Mobile. Cette levée de fonds a été menée auprès du fonds innovation défense, créé par l'Agence de l'innovation de défense (AID) et géré par Bpifrance. Participent aussi Tikehau Ace Capital, leader européen du capital-investissement dans la sécurité du numérique, via le fonds Brienne III (fonds dédié à la cybersécurité) et OMNES Capital, (...) - Business | Guideline | ★★ | |
|
2022-11-22 09:39:22 | Cyber Risk Index - Etude mondiale sur l\'état de la menace (lien direct) | 8 entreprises sur 10 s'attendent à subir une attaque informatique dans les 12 prochains mois. Trend Micro Incorporated, entreprise japonaise parmi les leaders mondiaux en matière de sécurité numérique, publie les résultats de son étude mondiale Cyber Risk Index (CRI)*, qui fait état des attaques subies par les entreprises et de leur capacité à y répondre au cours du premier semestre 2022. Les entreprises interrogées estiment qu'elles sont de plus en plus la cible d'attaques informatiques et que s'en (...) - Points de Vue | Guideline | ★★★★ | |
|
2022-11-22 02:15:11 | CVE-2022-36227 (lien direct) | In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution. | Guideline | ||
|
2022-11-22 02:15:09 | CVE-2022-35407 (lien direct) | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. | Guideline | ||
 |
2022-11-22 02:00:00 | Know thy enemy: thinking like a hacker can boost cybersecurity strategy (lien direct) | As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they're after.That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it could mean deliberately disorienting them by creating scenarios that don't match up to those expectations. “It's about how to drive defenses by knowing how the adversaries actually behave,” says Morovitz, who is also group leader for MITRE Engage, a cyber adversary engagement framework.To read this article in full, please click here | Hack Threat Guideline | ★★★ | |
|
2022-11-21 17:15:25 | CVE-2022-35897 (lien direct) | An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. | Vulnerability Guideline | ||
|
2022-11-21 16:15:25 | CVE-2022-40129 (lien direct) | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | Vulnerability Guideline | ||
|
2022-11-21 16:15:12 | CVE-2022-37332 (lien direct) | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | Vulnerability Guideline | ||
|
2022-11-21 16:15:12 | CVE-2022-38097 (lien direct) | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | Vulnerability Guideline | ||
|
2022-11-21 16:15:12 | CVE-2022-32774 (lien direct) | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | Vulnerability Guideline | ||
 |
2022-11-21 14:10:26 | CGI\'s Cyber Escape Experience visits Lincoln (lien direct) | Leading IT solutions provider, CGI, brought its Cyber Escape experience to Lincoln as a part of a UK-wide tour. The escape room-style experience allowed staff, students, and local organisations to learn about online security risks in a fun and interactive way. CGI's Cyber Escape was hosted at the University of Lincoln, where staff and students were invited to […] | Guideline | ||
 |
2022-11-21 14:10:22 | (Déjà vu) Gestion des API : où en sont les principaux fournisseurs ? (lien direct) | Sept fournisseurs se positionnent comme " leaders " dans le dernier Magic Quadrant de la gestion des API. À quels titres ? | Guideline | ||
|
2022-11-21 11:59:00 | BrandPost: 6 Questions to Ask Before You Hire a Managed Security Services Provider (lien direct) | Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm alsopredicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.To read this article in full, please click here | Guideline | ||
|
2022-11-21 11:16:14 | Top Players Among the Most Breached Passwords – World Cup edition (lien direct) | With the 2022 Qatar World Cup now underway, Specops Software, a leading provider of password management and user authentication solutions, has today released its findings which observed the commonality of passwords that contained a likely player, country or World Cup-related term within a password. According to the research by Specops, which analysed over 800 million compromised passwords (a subset of a larger list included within its Breached Password Protection list of over 3 billion passwords), it was found 'Kane', possibly in reference to […] | Guideline | ||
|
2022-11-21 11:15:20 | CVE-2022-3720 (lien direct) | The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users | Guideline | ||
|
2022-11-21 11:15:20 | CVE-2022-3634 (lien direct) | The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection | Guideline | ||
|
2022-11-21 11:15:20 | CVE-2022-3600 (lien direct) | The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection. | Guideline | ||
|
2022-11-21 07:15:08 | CVE-2022-4087 (lien direct) | A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-11-21 05:15:10 | CVE-2022-4093 (lien direct) | SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected | Guideline | ||
|
2022-11-20 14:15:11 | CVE-2022-4086 (lien direct) | A vulnerability was found in WP White Security WP Activity Log Plugin. It has been classified as problematic. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214053 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-11-20 14:15:11 | CVE-2022-4085 (lien direct) | A vulnerability was found in Top Infosoft Visitor Details Plugin and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214052. | Vulnerability Guideline | ||
|
2022-11-20 14:15:11 | CVE-2022-4084 (lien direct) | A vulnerability has been found in Activity Log Plugin and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214051. | Vulnerability Guideline | ||
|
2022-11-20 14:15:10 | CVE-2022-4083 (lien direct) | A vulnerability, which was classified as problematic, was found in MyTechTalky User Location and IP Plugin. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214050 is the identifier assigned to this vulnerability. | Guideline | ||
|
2022-11-20 14:15:10 | CVE-2022-4081 (lien direct) | A vulnerability classified as problematic was found in getseofix Show Visitor IP Address Widget and Shortcode Plugin. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214048. | Vulnerability Guideline | ||
|
2022-11-20 14:15:10 | CVE-2022-4082 (lien direct) | A vulnerability, which was classified as problematic, has been found in Solwin Infotech User Activity Log Plugin. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214049 was assigned to this vulnerability. | Guideline | ||
|
2022-11-20 14:15:09 | CVE-2022-4080 (lien direct) | A vulnerability classified as problematic has been found in Opal Login History Plugin. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214047. | Vulnerability Guideline | ||
|
2022-11-20 13:15:30 | CVE-2022-4078 (lien direct) | A vulnerability was found in IP Location Block Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214045 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-11-20 13:15:30 | CVE-2022-4079 (lien direct) | A vulnerability was found in Show Visitor IP Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214046 is the identifier assigned to this vulnerability. | Vulnerability Guideline |
To see everything:
Our RSS (filtrered)
