βΌ CVE-2015-10013 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25096 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46335 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44535 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an attacker to achieve administrative privilege on the web-management interface leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43535 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.π Read
via "National Vulnerability Database".
ποΈ Devs urged to rotate secrets after CircleCI suffers security breach ποΈ
π Read
via "The Daily Swig".
DevOps platform advises customers to revoke API tokensπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Devs urged to rotate secrets after CircleCI suffers security breach
DevOps platform advises customers to revoke API tokens
βΌ CVE-2015-10014 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The name of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45995 βΌ
π Read
via "National Vulnerability Database".
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125040 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.π Read
via "National Vulnerability Database".
π΄ How to Ensure Cybersecurity Investments Remain a Priority Across Your Organization π΄
π Read
via "Dark Reading".
Collaboration across all business units is key to building a robust cybersecurity program.π Read
via "Dark Reading".
Dark Reading
How to Ensure Cybersecurity Investments Remain a Priority Across Your Organization
Collaboration across all business units is key to building a robust cybersecurity program.
π΄ US Based ICOIN Technology Announces Secure Messaging Solution Using Hardware Wallet Encryption π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
US Based ICOIN Technology Announces Secure Messaging Solution Using Hardware Wallet Encryption
CAMPBELL, Calif., Jan. 5, 2023 /PRNewswire/ -- iCoin Technology, a U.S. based manufacturer of modern crypto hardware wallets, announced today that it will be adding a secure messaging feature to their existing hardware wallet system for cryptocurrency
π SimpleRmiDiscoverer 0.1 π
π Read
via "Packet Storm Security".
SimpleRmiDiscoverer is a JMX RMI scanning tool for unsecured (without enabled authentication) instances of JAVA JMX. It does not use standard Java RMI/JMX classes like other available tools but rather communicates directly over TCP. The tool is written in Java and is very useful in red teaming operations because JVM is still ubiquitous in corporate environments. It can be executed by unprivileged (non-admin) users.π Read
via "Packet Storm Security".
Packetstormsecurity
SimpleRmiDiscoverer 0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Faraday 4.3.2 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 4.3.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Maternal & Family Health Services Issues Notice Of Cybersecurity Incident π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Maternal & Family Health Services Issues Notice Of Cybersecurity Incident
WILKES-BARRE, Pa., Jan. 5, 2023 /PRNewswire/ -- Maternal & Family Health Services ("MFHS"), a private non-profit health and human services organization serving Northeastern Pennsylvania, announced today that the organization was the victim of a sophisticatedβ¦
π΄ Threat Actors Evade Detection Through Geofencing & Fingerprinting π΄
π Read
via "Dark Reading".
Security teams may be missing targeted attacks and advanced exploits if attackers are using evasive techniques to avoid detection. Defenders need to up their game.π Read
via "Dark Reading".
Dark Reading
Threat Actors Evade Detection Through Geofencing & Fingerprinting
Security teams may be missing targeted attacks and advanced exploits if attackers are using evasive techniques to avoid detection. Defenders need to up their game.
ποΈ Tesla tackles CORS misconfigurations that left internal networks vulnerable ποΈ
π Read
via "The Daily Swig".
Typosquatting ploy successfully bypassed firewalls of multiple organizationsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tesla tackles CORS misconfigurations that left internal networks vulnerable
Typosquatting ploy successfully bypassed firewalls of multiple organizations
π1
βΌ CVE-2022-47091 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.cπ Read
via "National Vulnerability Database".
βΌ CVE-2022-47653 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113π Read
via "National Vulnerability Database".