βΌ CVE-2023-22324 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0473 βΌ
π Read
via "National Vulnerability Database".
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2022-46359 βΌ
π Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22333 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0472 βΌ
π Read
via "National Vulnerability Database".
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π Read
via "National Vulnerability Database".
βΌ CVE-2022-46358 βΌ
π Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22322 βΌ
π Read
via "National Vulnerability Database".
Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0266 βΌ
π Read
via "National Vulnerability Database".
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055eπ Read
via "National Vulnerability Database".
βΌ CVE-2022-45788 βΌ
π Read
via "National Vulnerability Database".
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxureΓ’βΒ’ Control Expert (All Versions), EcoStruxureΓ’βΒ’ Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum Unity M1E Processor (171CBU*) (All Versions), Modicon MC80 (BMKC80) (All Versions), Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2023-0240 βΌ
π Read
via "National Vulnerability Database".
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161.π Read
via "National Vulnerability Database".
β Hive ransomware servers shut down at last, says FBI β
π Read
via "Naked Security".
Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum"...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Proxmark3 4.16191 Custom Firmware π
π Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.π Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark3 4.16191 Custom Firmware β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenStego Free Steganography Solution 0.8.6 π
π Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).π Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-26872 βΌ
π Read
via "National Vulnerability Database".
AMI Megarac Password reset interception via APIπ Read
via "National Vulnerability Database".
βΌ CVE-2022-46087 βΌ
π Read
via "National Vulnerability Database".
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23334 βΌ
π Read
via "National Vulnerability Database".
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0581 βΌ
π Read
via "National Vulnerability Database".
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0512 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.π Read
via "National Vulnerability Database".
β Serious Security: The Samba logon bug caused by outdated crypto β
π Read
via "Naked Security".
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!π Read
via "Naked Security".
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
βΌ CVE-2023-24830 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48006 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.π Read
via "National Vulnerability Database".