βΌ CVE-2023-23607 βΌ
π Read
via "National Vulnerability Database".
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24026 βΌ
π Read
via "National Vulnerability Database".
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33642 βΌ
π Read
via "National Vulnerability Database".
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33641 βΌ
π Read
via "National Vulnerability Database".
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).π Read
via "National Vulnerability Database".
βΌ CVE-2023-22726 βΌ
π Read
via "National Vulnerability Database".
act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path is variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, during implementation of Open and OpenAtEnd for FS, ensure to use ValidPath() to check against path traversal or clean the user-provided paths manually.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25502 βΌ
π Read
via "National Vulnerability Database".
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0052 βΌ
π Read
via "National Vulnerability Database".
SAUTER Controls Nova 200Γ’β¬β220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24028 βΌ
π Read
via "National Vulnerability Database".
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22884 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0433 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.π Read
via "National Vulnerability Database".
π1
π’ European partners expect growth this year, here are three ways they will achieve it π’
π Read
via "ITPro".
Itβs possible to achieve growth at a time of global economic turmoil, provided business objectives are fully aligned with the needs of customersπ Read
via "ITPro".
ITPro
European partners expect growth this year, here are three ways they will achieve it
Itβs possible to achieve growth at a time of global economic turmoil, provided business objectives are fully aligned with the needs of customers
π1
π’ MSI to release securer BIOS settings after critical flaw discovered π’
π Read
via "ITPro".
The firm has admitted it essentially disabled Secure Boot on its motherboards in an attempt to improve customisabilityπ Read
via "ITPro".
ITPro
MSI to release securer BIOS settings after critical flaw discovered
The firm has admitted it essentially disabled Secure Boot on its motherboards in an attempt to improve customisability
π’ Windows 11 System Restore bug preventing users from accessing apps π’
π Read
via "ITPro".
Microsoft has issued a series of workarounds for the issue which is affecting a range of apps including Office and Terminalπ Read
via "ITPro".
ITPro
Windows 11 System Restore bug preventing users from accessing apps
Microsoft has issued a series of workarounds for the issue which is affecting a range of apps including Office and Terminal
π’ Royal Mail ransom note leaked, LockBitβs role remains uncertain π’
π Read
via "ITPro".
The prolific ransomware operation has denied involvement but researchers remain scepticalπ Read
via "ITPro".
ITPro
Royal Mail ransom note leaked, LockBitβs role remains uncertain
The prolific ransomware operation has denied involvement but researchers remain sceptical
π’ Microsoft releases scripts to restore shortcuts deleted in faulty Windows Defender update π’
π Read
via "ITPro".
However, some users have resorted to creating their own fixes as theyβve encountered Microsoftβs to be problematicπ Read
via "ITPro".
ITPro
Microsoft releases scripts to restore shortcuts deleted in faulty Windows Defender update
However, some users have resorted to creating their own fixes as theyβve encountered Microsoftβs to be problematic
π’ 'Highly evasive' polymorphic malware generated using ChatGPT π’
π Read
via "ITPro".
Researchers at CyberArk Labs developed a novel method to generate malware using text that goes largely undetected by signature-based antimalware productsπ Read
via "ITPro".
ITPro
Security experts develop method of generating 'highly evasive' polymorphic malware using ChatGPT
Researchers at CyberArk Labs developed a novel method to generate malware using text that goes largely undetected by signature-based antimalware products
π’ Google Ads malvertising campaign prompts questions around Search security π’
π Read
via "ITPro".
A leading security researcher has called into question why Google still allows malware links to top search resultsπ Read
via "ITPro".
ITPro
Google Ads malvertising campaign prompts questions around Search security
A leading security researcher has called into question why Google still allows malware links to top search results
π’ Meta sues βdata scraping for hireβ service that collected info on 600k users π’
π Read
via "ITPro".
Meta says tackling data scraping will require a βcollective effortβ from platforms and policymakersπ Read
via "ITPro".
ITPro
Meta sues βdata scraping for hireβ service that collected info on 600k users
Meta says tackling data scraping will require a βcollective effortβ from platforms and policymakers
π’ Windows Defender update deletes Start Menu, Taskbar, Desktop shortcuts π’
π Read
via "ITPro".
For now, it appears that administrators will have to manually recreate their shortcuts once the issue has been fixedπ Read
via "ITPro".
ITPro
Windows Defender update deletes Start Menu, Taskbar, Desktop shortcuts
For now, it appears that administrators will have to manually recreate their shortcuts once the issue has been fixed
π’ Hack The Box set to triple workforce and widen global expansion π’
π Read
via "ITPro".
CEO Haris Pylarinos told IT Pro the startup plans to accelerate international expansion and continue driving security skills awarenessπ Read
via "ITPro".
ITPro
Hack The Box to triple workforce and drive global expansion in wake of Series B success
CEO Haris Pylarinos told IT Pro the startup plans to accelerate international expansion and continue driving security skills awareness
π’ T-Mobile breach leaves customers vulnerable to phishing π’
π Read
via "ITPro".
T-Mobile confirmed that while customer information was exposed, no financial data or company systems were compromisedπ Read
via "ITPro".
ITPro
T-Mobile customers at heightened risk of phishing attacks in wake of data breach
T-Mobile confirmed that while customer information was exposed, no financial data or company systems were compromised