📢 CISA: Phishing campaign targeting US federal agencies went undetected for months 📢
📖 Read
via "ITPro".
Threat actors used legitimate remote access software to maliciously target federal employees📖 Read
via "ITPro".
ITPro
CISA: Phishing campaign targeting US federal agencies went undetected for months
Threat actors used legitimate remote access software to maliciously target federal employees
📢 NCSC warns UK under state-sponsored spear-phishing attacks from Russia and Iran 📢
📖 Read
via "ITPro".
The acceleration in spear-phishing campaigns last year coincided with the escalating conflict in Ukraine, according to the NCSC📖 Read
via "ITPro".
ITPro
NCSC warns UK under state-sponsored spear-phishing attacks from Russia and Iran
The acceleration in spear-phishing campaigns last year coincided with the escalating conflict in Ukraine, according to the NCSC
‼ CVE-2023-0562 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-219716.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0563 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-4315 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.📖 Read
via "National Vulnerability Database".
👍1
🗓️ Tell us what you think: The Daily Swig reader survey 2023 🗓️
📖 Read
via "The Daily Swig".
Have your say to be in with the chance to win Burp Suite swag…📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag…
👍1
‼ CVE-2016-15022 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.📖 Read
via "National Vulnerability Database".
‼ CVE-2009-10003 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0572 ‼
📖 Read
via "National Vulnerability Database".
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46873 ‼
📖 Read
via "National Vulnerability Database".
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48303 ‼
📖 Read
via "National Vulnerability Database".
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24612 ‼
📖 Read
via "National Vulnerability Database".
The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25936 ‼
📖 Read
via "National Vulnerability Database".
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27596 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24623 ‼
📖 Read
via "National Vulnerability Database".
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25967 ‼
📖 Read
via "National Vulnerability Database".
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24622 ‼
📖 Read
via "National Vulnerability Database".
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0471 ‼
📖 Read
via "National Vulnerability Database".
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22332 ‼
📖 Read
via "National Vulnerability Database".
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46357 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46356 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.📖 Read
via "National Vulnerability Database".