Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Roxy-WI Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.

Packet Storm
Open in Source
#vulnerability#web#linux#git#rce#nginx#auth#ssl
Siemens Energy Takes Next Step to Protect Critical Infrastructure

Company joins AWS Partner Network to provide customers with industrial cybersecurity solution to ensure reliable electricity and fuel supplies.

Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax

The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr

CVE-2022-30706: Booked – Simply Powerful Scheduling

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

CVE-2022-23000: WDC-22011 My Cloud Firmware Version 5.23.114 | Western Digital

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

CVE-2022-33969: Changeset 2648808 – WordPress Plugin Repository

Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.

CVE-2022-29495: Popup Builder – Create highly converting, mobile friendly marketing popups.

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

What Firewalls Can — and Can't — Accomplish

Understanding the limitations of firewalls is important to protecting the organization from evolving threats.

An Easier Way to Keep Old Python Code Healthy and Secure

Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of

CVE-2022-34487: Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.