Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23750PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-23751PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2022-37033PUBLISHED: 2023-02-01
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re...
CVE-2022-3913PUBLISHED: 2023-02-01
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate...
CVE-2022-45782PUBLISHED: 2023-02-01An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.
User Rank: Apprentice
2/17/2019 | 1:26:23 AM
How did I engage? I tried to help a friend, inserted my usb stick, turned on the internet as it was needed for my action and Gradcrab 5.1 activated.
I didn't realize it until I noticed that some files from my usb stick changed names.
I was also amazed by the led of usb stick running wild after turning internet on. I knew something was wrong. That was the crypting doing its job.
In 3 minutes the entire folders with txt, docs and zip files were damaged / encrypted.
Luckly I had backups and so my friend, but one thing is obvious: Windows Defender defended NOTHING.
Other systems from same place with Bitdefender installed with Antiransomware and preboot options active were protected.
This is not advertising to this AV provider, it's just a happy case with one damaged computer from 7.
We saved some encrypted files for future use and see if any decryptor will help, but it will be at least 6 months until one will be public.
Thank you