βΌ CVE-2023-23130 βΌ
π Read
via "National Vulnerability Database".
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23126 βΌ
π Read
via "National Vulnerability Database".
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0611 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23692 βΌ
π Read
via "National Vulnerability Database".
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24610 βΌ
π Read
via "National Vulnerability Database".
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0612 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation of the argument device_web_ip leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22572 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.π Read
via "National Vulnerability Database".
π΄ ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers π΄
π Read
via "Dark Reading".
Study also reveals enterprises rely on multiple tools to ensure cloud security.π Read
via "Dark Reading".
Dark Reading
ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers
Study also reveals enterprises rely on multiple tools to ensure cloud security.
π΄ KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship π΄
π Read
via "Dark Reading".
KnowBe4 partners with the Center for Cyber Safety and Education to support Black Americans in recognition of Black History Month to help further education.π Read
via "Dark Reading".
Dark Reading
KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship
KnowBe4 partners with the Center for Cyber Safety and Education to support Black Americans in recognition of Black History Month to help further education.
π΄ Application Security Must Be Nonnegotiable π΄
π Read
via "Dark Reading".
Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.π Read
via "Dark Reading".
Dark Reading
Application Security Must Be Nonnegotiable
Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.
π΄ Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data π΄
π Read
via "Dark Reading".
Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.π Read
via "Dark Reading".
Dark Reading
Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data
Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.
βΌ CVE-2022-47003 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.π Read
via "National Vulnerability Database".
π΄ Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions π΄
π Read
via "Dark Reading".
The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.π Read
via "Dark Reading".
Dark Reading
Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions
The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.
π΄ Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats π΄
π Read
via "Dark Reading".
Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.π Read
via "Dark Reading".
Dark Reading
Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats
Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.
π΄ Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover π΄
π Read
via "Dark Reading".
Two security holes β one particularly gnarly β could allow hackers the freedom to do as they wish with the popular edge equipment.π Read
via "Dark Reading".
Dark Reading
Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover
Two security holes β one particularly gnarly β could allow hackers the freedom to do as they wish with the popular edge equipment.
β GitHub code-signing certificates stolen (but will be revoked this week) β
π Read
via "Naked Security".
There was a breach, so the bad news isn't great, but the good news isn't too bad...π Read
via "Naked Security".
Naked Security
GitHub code-signing certificates stolen (but will be revoked this week)
There was a breach, so the bad news isnβt great, but the good news isnβt too badβ¦
π1π₯1
βΌ CVE-2023-23135 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48093 βΌ
π Read
via "National Vulnerability Database".
Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23136 βΌ
π Read
via "National Vulnerability Database".
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24997 βΌ
π Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to solve it.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48094 βΌ
π Read
via "National Vulnerability Database".
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.π Read
via "National Vulnerability Database".