Aggregator

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.19_multi. Affected by this issue is the function formSetClientState. The manipulation of the argument deviceId leads to buffer overflow. This vulnerability is handled as CVE-2022-45644. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Tenda AC6 15.03.05.19. It has been declared as critical. Affected by this vulnerability is the function formSetVirtualSer. The manipulation of the argument list leads to buffer overflow. This vulnerability is known as CVE-2022-45651. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Tenda AC6 15.03.05.19. It has been rated as critical. Affected by this issue is the function formSetPPTPServer. The manipulation of the argument startIp leads to buffer overflow. This vulnerability is handled as CVE-2022-45652. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.19. This affects the function fromNatStaticSetting. The manipulation of the argument page leads to buffer overflow. This vulnerability is uniquely identified as CVE-2022-45653. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as critical was found in Tenda AC6 15.03.05.19. This vulnerability affects the function form_fast_setting_wifi_set. The manipulation of the argument ssid leads to buffer overflow. This vulnerability was named CVE-2022-45654. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.19. This issue affects the function form_fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The identification of this vulnerability is CVE-2022-45655. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.19. Affected is the function fromSetSysTime. The manipulation of the argument Time leads to buffer overflow. This vulnerability is traded as CVE-2022-45656. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.19. This issue affects the function formSetMacFilterCfg. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2022-45641. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Rukovoditel 3.2.1. Affected by this issue is some unknown functionality. The manipulation of the argument heading_field_id leads to sql injection. This vulnerability is handled as CVE-2022-44945. The attack needs to be done within the local network. There is no exploit available.

Authors/Presenters: Arun Vishwanath, Fred Heiding, Simon Lermen

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Ground Truth – Devising And Detecting Spear Phishing appeared first on Security Boulevard.

Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.

The post Data in Danger: Detecting Cross-Site Scripting in Grafana appeared first on Security Boulevard.

A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads

The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. [...]

未来几周对于决定索马里首都摩加迪沙的命运以及更广泛的打击青年党叛乱的斗争至关重要。

在这三个地区，伊斯兰国的分支组织持续调整策略，并带着战略意图开展行动，利用地形、当地民众的不满和国家脆弱性。虽然安全部队取得了有限的战术进展，但缺乏持续、综合的反叛乱和稳定措施，受影响的民众处于弱势。

As RSAC 2025 convenes next week in San Francisco, digital trust is poised to take center stage.

Related: PKI and the IoT cloud

One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence … (more…)

The post RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’ first appeared on The Last Watchdog.

The post RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’ appeared first on Security Boulevard.

《自然》期刊的分析显示，随着特朗普政府削减研究资金，美国科学家正在海外寻找职业发展机会。2025 年 1-3月，美国研究人员申请国际职位的数量与去年同期相比增加 32%，浏览海外职位的美国用户数量激增 35%。过去几个月特朗普政府突然终止了逾 200 项 HIV/AIDS 项目的联邦拨款，削减了 NIH 的新冠研究，取消了哥伦比亚大学的 4 亿美元拨款。随着政府加大研究资金削减力度，美国科学家外流的速度也在加快。外国职位浏览量同比增长 68%，申请加拿大机构的美国人数增加 41%，而加拿大人对美国职位的兴趣则减少了 13%。此前的调查显示，四分之三美国研究人员有意离开美国。