[Apologies for cross-posting]
--
C a l l F o r P a p e r s
27th European Symposium on Research in Computer Security (ESORICS) 2022
26-30 September 2022, Copenhagen, Denmark
URL: https://esorics2022.compute.dtu.dk/#
SEC Consult Vulnerability Lab Security Advisory < 20220124-0 >
===
title: Authenticated Path Traversal
product: Ethercreative Logs plugin for Craft CMS
vulnerable version: <=3.0.3
fixe
SEC Consult Vulnerability Lab Security Advisory < 20220120-0 >
===
title: Local file inclusion vulnerability
product: Land Software - FAUST iServer
vulnerable version: 9.0.017.017.1-3 - 9.0.018.018.4
Summary:
A vulnerability to DLL Injection attacks was found in the Alps Alpine Touchpad
driver, which might allow an attacker to access the kernel area memory. Alps
Alpine has released updates to mitigate this potential vulnerability.
Vulnerability Details:
The ALPS ALPINE Touchpad driver
SEC Consult Vulnerability Lab Security Advisory < 20220117-0 >
===
title: Stored Cross-Site Scripting vulnerability
product: TYPO3 extension "femanager"
vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5_B.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wollf.16
Vulnerability: Weak Hardcoded Credentials
Description: The malware runs
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wollf.16
Vulnerability: Authentication Bypass
Description: The malware listens on
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Ransomware Builder Babuk
Vulnerability: Insecure Permissions
Description: The malware creates
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wisell
Vulnerability: Unauthenticated Remote Command Execution
Description: The
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d_B.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: CollectorStealerBuilder v2.0.0 Panel
Vulnerability: Man-in-the-Middle (MITM)
Description: MITM
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: CollectorStealerBuilder v2.0.0 Panel
Vulnerability: Insecure Credential Storage
Description: The
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: VulturiBuilder
Vulnerability: Insecure Permissions
Description: The malware writes an .EXE with
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source: https://malvuln.com/advisory/8b855e56e41a6e10d28522a20c1e0341.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Chaos Ransomeware Builder v4
Vulnerability: Insecure Permissions
Description: The malware writes
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7_B.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: AgentTesla Builder Web Panel
Vulnerability: SQL Injection
Description: The AgentTeslaBuilder
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: AgentTesla Builder Web Panel
Vulnerability: Cross Site Scripting (XSS)
Description:
Advisory ID: TO-2021-001
Product: WebACMS
Vendor: AFI Solutions GmbH
Tested Version: 2.1.0
Fixed Version: -
Vulnerability Type: Cross-Site Scripting (CWE-79)
CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N (Score 6.4)
CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Score 6.1)
Solution Status:
[+] Credits: Mahmoud Al-Qudsi
[+] Website: https://neosmart.net/
[+] Source: https://neosmart.net/blog/?p=4865
[+] Media: https://twitter.com/mqudsi and https://twitter.com/neosmart
[Vendor]
Xerox Corporation
[Product]
Xerox Versalink printers, other Xerox printers/copiers.
[Vulnerability Type]
Document Title
===
Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221.
Product Description
===
The H2 Console Application
The Console lets you access a SQL database using a browser interface.
Homepage: http://www.h2database.com/html/quickstart.html