PT-2022-24325 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon versions prior to 22.10.0-beta1 Description: A critical issue has been identified, affecting the Contact Groups Form component, specifically the file formContactGroup.php. The manipulation of the cg_id argument leads to SQL injection...
CVE-2022-3827 centreon Contact Groups Form formContactGroup.php sql injection
A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of t...
CVE-2022-3827
Summary of CVE-2022-3827 (Centreon) : A vulnerability in Centreon’s Contact Groups Form (file formContactGroup.php) arises from manipulating the cg_id parameter, causing an SQL injection. The issue is exploitable remotely and can impact confidentiality, integrity, and availability. The patch iden...
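The three Centreon entries above all describe the same pattern: a request parameter (cg_id) spliced into the SQL text of a contact-group lookup. The snippet below is an added illustration of that pattern beside its fix; it is not Centreon's code, and the table and column names, the SQLite backing store and the tampered request value are all assumptions chosen so the script runs stand-alone with PHP's PDO extension.

```php
<?php
// Added illustration, not Centreon's code. Schema, data and the tampered
// request value are constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contactgroup (cg_id INTEGER PRIMARY KEY, cg_name TEXT)');
$pdo->exec("INSERT INTO contactgroup VALUES (1, 'admins'), (2, 'ops')");

// Vulnerable pattern: the request parameter becomes part of the SQL text,
// so quote characters in it change the meaning of the statement.
function loadGroupUnsafe(PDO $pdo, string $cgId): array {
    $sql = "SELECT cg_id, cg_name FROM contactgroup WHERE cg_id = '" . $cgId . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything that is not an integer id, then bind the
// value as a parameter so the database never parses it as SQL.
function loadGroupSafe(PDO $pdo, string $cgId): array {
    if (!ctype_digit($cgId)) {
        throw new InvalidArgumentException('cg_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT cg_id, cg_name FROM contactgroup WHERE cg_id = :id');
    $stmt->execute([':id' => (int) $cgId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request value: closes the quoted literal and appends an
// always-true predicate, so the unsafe query matches every row.
$tampered = "1' OR '1'='1";
echo 'unsafe rows: ', count(loadGroupUnsafe($pdo, $tampered)), PHP_EOL;

try {
    loadGroupSafe($pdo, $tampered);
} catch (InvalidArgumentException $e) {
    echo 'safe lookup rejected input: ', $e->getMessage(), PHP_EOL;
}
echo 'safe rows for id 1: ', count(loadGroupSafe($pdo, '1')), PHP_EOL;
```

The type check is not a substitute for the prepared statement; it just fails fast and keeps garbage out of logs. Binding is what removes the injection, and it is the change to look for when reviewing a patch for a report like this one.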
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2022-41688
Delta Electronics InfraSuite Device Master prior to 1.0.3 is affected by a missing authentication vulnerability in critical functions that create/modify user groups (notably the AddNewUser path). The root cause involves unauthenticated execution of operations that can create a new user and grant ...
CVE-2022-43169
A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...
Rukovoditel cross-site scripting vulnerability
Rukovoditel is web-based open-source project management software from the Rukovoditel team. It provides project management, customer relationship management and other features. A security vulnerability exists in Rukovoditel version 3.2.1, which stems from the Name parameter of the...
PT-2022-26786 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting XSS issue exists in the Users Access Groups feature, specifically in the /index.php?module=usersgroups/usersgroups endpoint, allowing authenticated attackers to execut...
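The Rukovoditel entries above describe stored XSS through a group Name that is saved and later rendered. The snippet below is an added illustration of that class of bug and its fix at the output stage; it is not Rukovoditel's code, and the in-memory array standing in for the groups table, the function names and the payload are assumptions made so it runs stand-alone.

```php
<?php
// Added illustration, not Rukovoditel's code. The array stands in for the
// access-groups table; the payload string is constructed for this example.
$groups = [];

// Storing the submitted name verbatim is acceptable; the defect is at output.
function addGroup(array &$groups, string $name): void {
    $groups[] = $name;
}

// Vulnerable pattern: stored text is concatenated into HTML unencoded, so a
// name containing markup is rendered as markup for every later viewer.
function renderUnsafe(array $groups): string {
    $html = '<ul>';
    foreach ($groups as $g) {
        $html .= '<li>' . $g . '</li>';
    }
    return $html . '</ul>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES also covers attribute contexts if the same value is reused there.
function renderSafe(array $groups): string {
    $html = '<ul>';
    foreach ($groups as $g) {
        $html .= '<li>' . htmlspecialchars($g, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

addGroup($groups, 'Auditors');
// Constructed payload: an element whose error handler runs script.
addGroup($groups, '<img src=x onerror=alert(document.cookie)>');

echo "unencoded:\n", renderUnsafe($groups), "\n";
echo "encoded:\n", renderSafe($groups), "\n";
```

Encoding belongs in the template layer rather than at input time: the same stored value may later be emitted into JavaScript, a URL or an attribute, each of which needs a different encoder, and input-side stripping tends to leave gaps that a second output path exposes.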
PT-2022-26026 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The issue concerns a lack of proper authentication for functions that create and modify user groups. An attacker could exploit this by providing malicious...
Text2Shell: Log4Shell-like vulnerability in Apache Commons Text
Threat Level: Vulnerability Report. Summary: A new vulnerability in Apache Commons Text has been named Text2Shell. The vulnerability allows unauthenticated attackers to remotely execute code on servers running affected applications. Due to t...
Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-156)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-156 advisory. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:3655-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3655-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, a...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
Overview On September 10, 2022, a user reported on Zimbra's official forums that their team had detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary file...
The Fight to Cut Off the Crypto Fueling Russia's Ukraine Invasion
Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency donations to Russia’s violent militia groups...