Aggregator

A vulnerability, which was classified as problematic, has been found in SilverStripe versioned-admin. This issue affects some unknown processing of the component Compare Mode. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-38145. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SilverStripe Framework 3.1.13/4.8.1/4.10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTMLEditor. The manipulation leads to HTML injection. This vulnerability is known as CVE-2022-37429. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SilverStripe Framework 3.1.13/4.8.1/4.10.1 and classified as problematic. Affected by this issue is some unknown functionality of the component HTMLEditor. The manipulation leads to HTML injection. This vulnerability is handled as CVE-2022-37430. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SilverStripe Assets. It has been rated as problematic. This issue affects some unknown processing of the component GPX File Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-38147. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Insyde Kernel up to 5.5 and classified as critical. This issue affects some unknown processing of the component MebxConfiguration Driver. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-36337. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in Maarch RM 2.8.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2022-37772. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Optilink OP-XT71000N. This affects an unknown part of the file /routing.asp of the component New Route Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2020-23587. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Optilink OP-XT71000N. This vulnerability affects unknown code of the file /rmtacc.asp. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2020-23588. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in oretnom23 Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /avms/index.php. The manipulation leads to sql injection. This vulnerability was named CVE-2022-44139. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. It has been rated as critical. Affected by this issue is the function UploadFirmwareFile. The manipulation of the argument FileName leads to command injection. This vulnerability is handled as CVE-2022-44249. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This affects the function setOpModeCfg. The manipulation of the argument Hostname leads to command injection. This vulnerability is uniquely identified as CVE-2022-44250. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setUssd. The manipulation of the argument ussd leads to command injection. This vulnerability was named CVE-2022-44251. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This issue affects the function setUploadSetting. The manipulation of the argument FileName leads to command injection. The identification of this vulnerability is CVE-2022-44252. Access to the local network is required for this attack to succeed. There is no exploit available.

Welcome to the first edition of This Week in Scams, a new weekly series from McAfee breaking down the latest...

The post This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge appeared first on McAfee Blog.

A vulnerability was found in Adobe Flash Player up to 11.2.202.540/19.0.0.213/19.0.0.226. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2015-8046. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Huawei UTPS 1.0/UTPS-V200R003B015D15SP00C983. This affects an unknown part of the component UTPS Service Query Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2016-8769. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Qualys this week added a tool that makes it possible for organizations to continuously run audits in a way that promises to dramatically reduce failure rates.

The post Qualys Adds Tool to Automate Audit Workflows appeared first on Security Boulevard.

A vulnerability was found in eMedia simpleRedak up to 2.47.23.05. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/cb/format_642.php. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-33761. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in eMedia simpleRedak up to 2.47.23.05. This affects an unknown part of the file /scheduler/index.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-33763. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2017-20185. The attack may be initiated remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. It is recommended to apply a patch to fix this issue.