What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-01-19 12:15:13 CVE-2023-23690 (direct link) Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below, contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and loss of integrity of the connection to the Cloud devices. Threat Guideline
CVE.webp 2023-01-19 10:15:11 CVE-2014-125083 (direct link) A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to SQL injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911. Vulnerability Guideline
CVE.webp 2023-01-19 10:15:11 CVE-2015-10071 (direct link) A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. Upgrading to version 1.0 is able to address this issue. The name of the patch is 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951. Vulnerability Guideline
CVE.webp 2023-01-19 10:15:11 CVE-2015-10070 (direct link) A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to SQL injection. The name of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-19 10:15:10 CVE-2013-10014 (direct link) A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to SQL injection. The name of the patch is 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability. Vulnerability Guideline
Google.webp 2023-01-19 09:33:48 Exploiting null-dereferences in the Linux kernel (direct link) Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for exploiting null-deref bugs. However, with the introduction of modern exploit mitigations such as SMEP and SMAP, as well as mmap_min_addr preventing unprivileged programs from mmap’ing low addresses, null-deref bugs are generally not considered a security issue in modern kernel versions. This blog post provides an exploit technique demonstrating that treating these bugs as universally innocuous often leads to faulty evaluations of their relevance to security. Kernel oops overview At present, when the Linux kernel triggers a null-deref from within a process context, it generates an oops, which is distinct from a kernel panic. A panic occurs when the kernel determines that there is no safe way to continue execution, and that therefore all execution must cease. However, the kernel does not stop all execution during an oops - instead the kernel tries to recover as best as it can and continue execution. In the case of a task, that involves throwing out the existing kernel stack and going directly to make_task_dead, which calls do_exit. The kernel will also publish in dmesg a “crash” log and kernel backtrace depicting what state the kernel was in when the oops occurred. This may seem like an odd choice to make when memory corruption has clearly occurred - however, the intention is to allow kernel bugs to be more easily detectable and loggable, under the philosophy that a working system is much easier to debug than a dead one.
The unfortunate side effect of the oops recovery path is that the kernel is not able to perform any associated cleanup that it would normally perform on a typical syscall error recovery path. This means that any locks that were locked at the moment of the oops stay locked, any refcounts remain taken, any memory otherwise temporarily allocated remains allocated, etc. However, the process that generated the oops, its associated kernel stack, task struct and derivative members etc. can and often will be freed, meaning that depending on the precise circumstances of the oops, it’s possible that no memory is actually leaked. This becomes particularly important in regards to exploitation later. Reference count mismanagement overview Refcount mismanagement is a fairly well-known and exploitable issue. In the case where software improperly Guideline ★★★★
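The cleanup problem the post describes, shown as an added example that is not part of the Project Zero post: a user-space C model in which a simulated oops abandons the handler part-way (setjmp/longjmp standing in for the kernel's unwind to make_task_dead), so the reference taken on entry is never dropped. The object, the handler and all names are constructed for illustration.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy user-space model (not kernel code): an object with a plain,
 * non-saturating reference count, a "syscall" that takes a reference on
 * entry and drops it on the normal return path, and a simulated oops that
 * abandons the handler without running that cleanup. */
struct obj {
    uint32_t refcount;
    char name[16];
};

static jmp_buf oops_recovery;   /* where the "oops handler" unwinds to */

/* Simulated oops: like the kernel's, it throws away the current stack and
 * never returns to the code that took the lock or reference. */
static void simulate_oops(void)
{
    longjmp(oops_recovery, 1);
}

static void get_ref(struct obj *o) { o->refcount++; }
static void put_ref(struct obj *o) { o->refcount--; }

/* Handler that dereferences a caller-supplied pointer while holding a reference. */
static int syscall_handler(struct obj *o, const int *p)
{
    get_ref(o);
    if (p == NULL)
        simulate_oops();      /* null-deref -> oops; put_ref below never runs */
    int v = *p;
    put_ref(o);               /* the normal return path cleans up */
    return v;
}

/* Run the handler n times, with a NULL pointer when trigger_oops is set,
 * and return the object's refcount afterwards. The object is static so the
 * C rules about locals modified across setjmp/longjmp do not apply. */
uint32_t refcount_after(unsigned n, int trigger_oops)
{
    static struct obj o;
    static const int value = 42;
    o.refcount = 1;                       /* the owner's reference */
    strcpy(o.name, "demo");
    for (volatile unsigned i = 0; i < n; i++) {
        if (setjmp(oops_recovery) == 0)
            syscall_handler(&o, trigger_oops ? NULL : &value);
        /* landing here after longjmp: the task "died", and the reference
         * taken inside the handler is still held */
    }
    return o.refcount;
}

int main(void)
{
    printf("refcount after 5 clean calls: %u\n", (unsigned)refcount_after(5, 0));
    printf("refcount after 5 oopses:      %u\n", (unsigned)refcount_after(5, 1));
    return 0;
}
```

Every simulated oops leaves the count one higher than it should be, and nothing ever brings it back down. With a plain 32-bit counter that is exactly the precondition for the reference-count mismanagement the post goes on to discuss; a saturating counter such as the kernel's refcount_t pins at a sentinel value instead of wrapping, which is why the choice of counter type matters for whether such a leak is exploitable.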
CVE.webp 2023-01-19 08:15:13 CVE-2022-4892 (direct link) A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895. Vulnerability Guideline
CVE.webp 2023-01-19 08:15:12 CVE-2017-20174 (direct link) A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The name of the patch is 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-19 08:15:10 CVE-2015-10069 (direct link) A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to SQL injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218896. Vulnerability Guideline
CSO.webp 2023-01-19 07:59:00 BrandPost: Not If, But When: Maintaining Resilience as Threat Actors Adapt (direct link) Talos recently published its inaugural 2022 Year-in-Review report. We gathered insight from dozens of subject matter experts throughout Cisco to tell a data-driven story about the major security events Cisco responded to, trends in the threat landscape, and what it all means for 2023. As we reviewed the major events from this year, one throughline seemed particularly clear: adversaries are adapting to shifts in the geopolitical landscape, actions from law enforcement, and the efforts of defenders. Organizations, IT leaders, and security professionals will need to track and address these shifts in behavior to maintain resilience. Threat Guideline ★★
CSO.webp 2023-01-19 07:37:00 Why you don't have to fix every vulnerability (direct link) The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally, because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on the associated threats and the value of the asset at risk. For example, a lock on a 20th-floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would make the effort to reach such an inaccessible place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner. Vulnerability Guideline ★★
CVE.webp 2023-01-18 21:15:10 CVE-2010-10009 (direct link) A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to SQL injection. The name of the patch is 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519. Vulnerability Guideline
CVE.webp 2023-01-18 19:15:12 CVE-2023-21613 (direct link) Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2023-01-18 19:15:12 CVE-2023-22594 (direct link) IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. Vulnerability Guideline
CVE.webp 2023-01-18 19:15:12 CVE-2023-21614 (direct link) Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2023-01-18 19:15:11 CVE-2023-21585 (direct link) Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2023-01-18 19:15:11 CVE-2023-21581 (direct link) Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
globalsecuritymag.webp 2023-01-18 18:34:13 WatchGuard names Simon Yeo Senior Vice President of Operations (direct link) WatchGuard names Simon Yeo Senior Vice President of Operations. Industry veteran and former Barracuda executive to lead the company's IT systems and infrastructure, security, and cloud operations - Business News Guideline
CVE.webp 2023-01-18 18:15:10 CVE-2023-21601 (direct link) Adobe Dimension version 3.4.6 (and earlier) is affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2023-01-18 18:15:10 CVE-2023-21603 (direct link) Adobe Dimension version 3.4.6 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2023-01-18 17:15:10 CVE-2023-22809 (direct link) In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. Guideline
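A model of the sudoedit argument handling the entry describes, added here as an example and not sudo's own code: the policy side splits the user-controlled editor string into words and appends "--" followed by the files the user is authorised to edit, while the executing side treats everything after the first "--" as the file list. With EDITOR='vim -- /etc/passwd' the smuggled path lands in front of the legitimate file. The final function is a hardening check that refuses any editor string containing a bare "--" word, closing the gap the entry describes; it follows the direction of the upstream fix but is a simplification of my own. Function names, buffer sizes and the sample file list are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 32
#define BUF_LEN  256

/* Toy model of sudoedit's editor handling (not sudo's own code; names and
 * sizes are made up for the example). The policy side splits the editor
 * string into words and appends "--" plus the authorised files; the
 * executing side treats everything after the FIRST "--" as the file list. */

/* Split `editor` on blanks into words stored in `buf`; returns the count. */
static int split_words(const char *editor, char *buf, size_t buflen,
                       char **argv, int max)
{
    int argc = 0;
    size_t n = strlen(editor);
    if (n >= buflen) n = buflen - 1;
    memcpy(buf, editor, n);
    buf[n] = '\0';
    for (char *p = buf; *p != '\0' && argc < max;) {
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0') break;
        argv[argc++] = p;
        while (*p != '\0' && *p != ' ' && *p != '\t') p++;
        if (*p != '\0') *p++ = '\0';
    }
    return argc;
}

/* Policy side: "editor [args] -- file..."; returns argc, or -1 if no editor. */
int build_edit_argv(const char *editor, const char **files, int nfiles,
                    char *buf, size_t buflen, char **argv, int max)
{
    int argc = split_words(editor, buf, buflen, argv, max - nfiles - 2);
    if (argc == 0) return -1;
    argv[argc++] = "--";
    for (int i = 0; i < nfiles; i++) argv[argc++] = (char *)files[i];
    argv[argc] = NULL;
    return argc;
}

/* Executing side: index of the first "--", or -1. Everything after it is
 * opened with elevated privileges. */
static int separator_index(char **argv, int argc)
{
    for (int i = 0; i < argc; i++)
        if (strcmp(argv[i], "--") == 0) return i;
    return -1;
}

/* Run the model with one authorised file (constructed: /etc/motd) and report
 * how many entries the executing side would treat as files to edit. */
int files_seen_for(const char *editor)
{
    char buf[BUF_LEN];
    char *argv[MAX_ARGS];
    const char *files[] = { "/etc/motd" };
    int argc = build_edit_argv(editor, files, 1, buf, sizeof buf, argv, MAX_ARGS);
    if (argc < 0) return -1;
    int sep = separator_index(argv, argc);
    return sep < 0 ? 0 : argc - sep - 1;
}

/* Same model, returning the first entry the executing side would open. */
const char *first_edit_file_for(const char *editor)
{
    static char buf[BUF_LEN];
    static char *argv[MAX_ARGS];
    const char *files[] = { "/etc/motd" };
    int argc = build_edit_argv(editor, files, 1, buf, sizeof buf, argv, MAX_ARGS);
    if (argc < 0) return NULL;
    int sep = separator_index(argv, argc);
    return (sep >= 0 && sep + 1 < argc) ? argv[sep + 1] : NULL;
}

/* Hardened policy check: refuse an editor string that itself contains a
 * bare "--" word, so user input can never supply the separator. */
int editor_is_acceptable(const char *editor)
{
    char buf[BUF_LEN];
    char *argv[MAX_ARGS];
    int argc = split_words(editor, buf, sizeof buf, argv, MAX_ARGS);
    return argc > 0 && separator_index(argv, argc) < 0;
}

int main(void)
{
    const char *cases[] = { "vim", "vim -- /etc/passwd" };
    for (int i = 0; i < 2; i++)
        printf("EDITOR='%s': %d file(s), first=%s, acceptable=%d\n", cases[i],
               files_seen_for(cases[i]), first_edit_file_for(cases[i]),
               editor_is_acceptable(cases[i]));
    return 0;
}
```

For the malicious value the executing side sees three entries (/etc/passwd, a literal "--", and the one authorised file) and opens /etc/passwd first, which is the arbitrary-file-write path the entry describes. The check at the end rejects that value while still accepting ordinary editor options such as 'vim -u NONE'.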
Anomali.webp 2023-01-18 16:35:00 Anomali Cyber Watch: FortiOS Zero-Day Has Been Exploited by an APT, Two RATs Spread by Four Types of JAR Polyglot Files, Promethium APT Continued Android Targeting (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Polyglot, RATs, Russia, Skimmers, Trojanized apps, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware (published: January 16, 2023) On January 10, 2023, Fortinet researchers detected the actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens. Analyst Comment: Free repositories such as PyPI are increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent. MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd (published: January 11, 2023) In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN.
The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS of relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries. Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with Get request for payloads. MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host Tags: FG-IR-22-398, CVE-2022-42 Malware Tool Vulnerability Threat Guideline LastPass ★★
CVE.webp 2023-01-18 16:15:11 CVE-2022-46505 (direct link) An issue in MatrixSSL 4.5.1-open and earlier leads to a failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. Guideline
CVE.webp 2023-01-18 16:15:10 CVE-2011-10001 (direct link) A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to SQL injection. The name of the patch is d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491. Vulnerability Guideline
CVE.webp 2023-01-18 16:15:10 CVE-2017-20173 (direct link) A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to SQL injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218492. Vulnerability Guideline
CVE.webp 2023-01-18 16:15:10 CVE-2012-10006 (direct link) A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to SQL injection. The name of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-18 15:15:11 CVE-2017-20172 (direct link) A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to SQL injection. The name of the patch is 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-18 15:15:11 CVE-2022-45103 (direct link) Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability to read arbitrary files on the underlying file system. Guideline
CVE.webp 2023-01-18 12:15:10 CVE-2022-34457 (direct link) Dell Command Configuration, version 4.8 and prior, contains an improper folder permission vulnerability when installed to a non-default, non-secured path rather than the default path, which leads to privilege escalation. This is a critical-severity vulnerability because it allows a non-admin user to modify the files inside the installation directory and to make the application unavailable for all users. Vulnerability Guideline
globalsecuritymag.webp 2023-01-18 11:32:46 Veeam Research Finds IT Leaders Feel Increasingly Unprotected from Cyberattacks and Other Disasters (direct link) Veeam Research Finds IT Leaders Feel Increasingly Unprotected from Cyberattacks and Other Disasters. The Veeam Data Protection Trends Report 2023 shows that data backup budgets will continue to rise to align with the increasing importance of consistency and reliability for hybrid cloud data protection, and as organizations continue their fight against ransomware - Special Reports Guideline
The_Hackers_News.webp 2023-01-18 11:26:00 CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS and could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) Guideline Industrial ★★★
AlienVault.webp 2023-01-18 11:00:00 Telephony fraud and risk mitigation: Understanding this ever-changing threat (direct link) Telephony fraud is a significant challenge. Companies of all sizes and industries are subjected to the malicious usage of voice and SMS with the intent of committing financial fraud, identity theft, denial-of-service, and a variety of other attacks. Businesses that fall victim to fraud can incur significant financial losses, irreparable damage to their reputation, and legal implications. Detecting and preventing fraud can be a complex and time-consuming process, requiring businesses to devote significant resources to protect themselves. Some common challenges that companies face when it comes to fraud include the following: Swiftly adapting to constantly evolving fraud tactics: Fraudsters are always searching for innovative ways to carry out their schemes. Therefore, businesses must be hyper-aware in identifying and addressing potential threats. Balancing the need for security with customer convenience: Businesses must balance protecting themselves against fraud and providing a seamless customer experience. This can be particularly challenging in the digital age, as customers expect fast, convenient service. Investing in fraud prevention solutions and skilling up human resources: To stay ahead of fraudsters, organizations may need to invest in technology solutions, such as fraud detection software or security protocols, to help identify and prevent fraudulent activity. Such solutions are often expensive and may require hiring dedicated employees to manage and maintain these toolsets. Mitigating the aftermath of a fraud incident: If a business or its customers fall victim to a fraud campaign, the organization must be prepared not only to address the immediate financial losses but also to work to repair any damage to its reputation and restore customer trust. Such an endeavor is often a time-consuming and costly process.
Vishing As mentioned above, telephony fraud can consist of voice fraud and SMS fraud sub-categories. Voice fraud, also known as vishing or voice phishing, involves criminals leveraging voice calls or voice messaging to social engineer potential victims into divulging sensitive information or making payments. In this type of attack vector, the malicious actor often attempts to mask their identity through spoofing, which involves altering caller-ID information to make the communication appear legitimate. The attacker may also utilize voice manipulation software or even voice impersonation to mask their identity and solicit a target into taking a specific action, such as revealing sensitive data or even transferring bank funds over to the attacker. In such scenarios, vishers may pretend to be an individual from a legitimate organization, such as a trusted individual, a company/business, or a government agency, and request personal information or login credentials. Some of the voice fraud challenges that companies may face include the following: Spoofed caller IDs: Criminals can use spoofed caller IDs to make it appear as if the call is coming from a legitimate source, such as a bank or government agency. This can make it difficult for companies to identify fraudulent calls and protect their customers from these scams. Automated voice messages: Criminals can also use automated voice messages to deliver phishing scams. These messages may ask the recipient to call a specific number to update their account information or resolve an issue, but the call leads to a scammer trying to steal sensitive information. Social engineering tactics: Criminals may use social engineering tactics, such as creating a sense of urgency or playing on the recipient's emotions, to convince them to divulge sensitive information or make a payment.
Smishing Smishing is a phishing scam involving using text messages to perform various social engineering attempts to convince v Data Breach Threat Guideline ★★★
CVE.webp 2023-01-18 08:15:10 CVE-2020-36654 (direct link) A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475. Vulnerability Guideline
CVE.webp 2023-01-18 08:15:09 CVE-2020-36653 (direct link) A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-18 08:15:09 CVE-2015-10068 (direct link) A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to SQL injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476. Vulnerability Guideline
CVE.webp 2023-01-18 06:15:11 CVE-2022-34456 (direct link) Dell EMC Metro node, version(s) prior to 7.1, contains a Code Injection Vulnerability. An authenticated non-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application. Guideline
CVE.webp 2023-01-18 06:15:11 CVE-2010-10007 (direct link) ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to SQL injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vulnerability Guideline
CVE.webp 2023-01-18 01:15:11 CVE-2020-36651 (direct link) A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-18 01:15:11 CVE-2015-10067 (direct link) A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to a race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463. Vulnerability Guideline
CVE.webp 2023-01-18 01:15:11 CVE-2018-25077 (direct link) A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456. Vulnerability Guideline
CVE.webp 2023-01-18 00:15:11 CVE-2015-10066 (direct link) A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to SQL injection. The name of the patch is 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-18 00:15:11 CVE-2014-125082 (direct link) A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to SQL injection. The name of the patch is fc2c1ea1b8d795094abb15ac73cab90830534e04. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218464. Vulnerability Guideline
CVE.webp 2023-01-18 00:15:11 CVE-2010-10006 (direct link) A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to an observable timing discrepancy. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460. Vulnerability Guideline
CVE.webp 2023-01-17 23:15:15 CVE-2015-10065 (direct link) A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to a buffer overflow. The name of the patch is ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-17 23:15:15 CVE-2017-20171 (direct link) A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to SQL injection. The name of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-17 23:15:15 CVE-2014-125081 (direct link) A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to SQL injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459. Vulnerability Guideline
CVE.webp 2023-01-17 20:15:11 CVE-2022-4891 (direct link) A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452. Vulnerability Guideline
CVE.webp 2023-01-17 19:15:11 CVE-2015-10064 (direct link) A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection. The name of the patch is dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455. Vulnerability Guideline
CVE.webp 2023-01-17 19:15:11 CVE-2015-10063 (direct link) A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to SQL injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-01-17 19:15:10 CVE-2015-10062 (direct link) A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The name of the patch is 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451. Vulnerability Guideline
Last update at: 2024-06-28 15:07:58