In multiple Tecson Tankspion and GOKs SmartBox 4 products, the affected application doesn’t properly restrict access to an endpoint that is responsible for saving settings, leaving it open to an unauthenticated user with limited access rights. Because access-control rules are not adequately implemented, a malicious user can change the application settings by accessing a specific uniform resource locator (URL) on the web server, without authenticating at all, which violates the originally defined ACL rules.
Category Archives: Advisories
CVE-2020-19212
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
CVE-2020-19213
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
CVE-2020-19215
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
CVE-2020-19216
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
CVE-2020-19217
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
clamav-0.103.6-1.el7
FEDORA-EPEL-2022-cf82fb137a
Packages in this update:
clamav-0.103.6-1.el7
Update description:
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
clamav-0.103.6-1.el8
FEDORA-EPEL-2022-334a36ba83
Packages in this update:
clamav-0.103.6-1.el8
Update description:
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
clamav-0.103.6-1.el9
FEDORA-EPEL-2022-5c7d584007
Packages in this update:
clamav-0.103.6-1.el9
Update description:
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
clamav-0.103.6-1.fc34
FEDORA-2022-a910a41a17
Packages in this update:
clamav-0.103.6-1.fc34
Update description:
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html