JAHx221 – RCE in copy/pasted PHP compat libraries, json_decode function
Posted by Eldar Marcussen on Jun 30 JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function =============================================================================== Several PHP compatability libraries contain a potential...
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Coredoor.10.a / Authentication Bypass
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: malvuln13 () gmail com Media:...
BigBlueButton – Stored XSS in username (CVE-2022-31064)
Posted by Rick Verdoes via Fulldisclosure on Jun 30 CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. ========================= Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton...
typeorm CVE-2022-33171
Posted by lixts via Fulldisclosure on Jun 30 typeorm CVE-2022-33171 findOne(id), findOneOrFail(id) The findOne function in TypeORM before 0.3.0 can either be supplied with a...
🐞 CFP for Hardwear.io NL 2022 is OPEN!
Posted by Andrea Simonca on Jun 30 *🐞 CFP for Hardwear.io NL 2022 is OPEN!* If you have groundbreaking embedded research or an awesome open-source...
[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022**
Posted by alcaraz on Jun 30 [Apologies for cross-posting] -------------------------------------------------------------------------- C a l l F o r P a p e r s The Workshop...
ZDI-22-948: Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged...
ZDI-22-947: Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged...