lenovo warranty check/lookup | check warranty status | lenovo support us

Categories: Exploits and vulnerabilities Categories: News Tags: Zoho ManageEngine Tags: CVE-2021-40539 Tags: Log4Shell Tags: CVE-2021-44228 Tags: CVE-2021-13379 Tags: ProxyShell Tags: CVE-2021-34473 Tags: CVE-2021-31207 Tags: CVE-2021-34523 Tags: CVE-2021-26084 Tags: Atlassian Tags: CVE-2022-22954 Tags: CVE-2022-22960 Tags: CVE-2022-26134 Tags: CVE-2022-1388 Tags: CVE-2022-30190 Tags: Follina What can the routinely exploited vulnerabilities of 2022 tell us, and what do we think will make it on to next year's list? (Read more...) The post 2022's most routinely exploited vulnerabilities—history repeats appeared first on Malwarebytes Labs.

### Summary A user with admin permission can read arbitrary file and directory names on the filesystem by calling the `admin/build-mobile-app/result?build_dir_name=` endpoint. The `build_dir_name` parameter is not properly validated and it's then used to construct the `buildDir` that is read. The file/directory names under the `buildDir` will be returned. ### Details - file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L2884-L2893 ```js router.get( "/build-mobile-app/result", isAdmin, error_catcher(async (req, res) => { const { build_dir_name } = req.query; // [1] source const rootFolder = await File.rootFolder(); const buildDir = path.join( rootFolder.location, "mobile_app", build_dir_name // [2] ); const files = await Promise.all( fs .readdirSync(buildDir) // [3] sink .map(async (outFile) => await File.from_file_on_disk(outFile, buildDir)) ); [...] }) ); ``` ...

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.

Categories: News Tags: BreachForums Tags: Pompompurin Tags: FBI Tags: Dark Web Tags: data breaches After the arrest of the administrator of the Dark Web site BreachForums there was talk about keeping it alive, but now the forums will be shut down for fear of law enforcement infiltration. (Read more...) The post BreachForums to be shut down after all for fear of law enforcement infiltration appeared first on Malwarebytes Labs.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.

A missing access check in the `InvitationController` allows an unauthenticated user to delete all frontend users.

Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.

Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back.