βΌ CVE-2023-0647 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0651 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
β S3 Ep120: When dud crypto simply wonβt let go [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep120: When dud crypto simply wonβt let go [Audio + Text]
Latest episode β listen now!
βΌ CVE-2023-23120 βΌ
π Read
via "National Vulnerability Database".
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-23119 βΌ
π Read
via "National Vulnerability Database".
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.π Read
via "National Vulnerability Database".
π΄ Rising βFirebrick Ostrichβ BEC Group Launches Industrial-Scale Cyberattacks π΄
π Read
via "Dark Reading".
The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.π Read
via "Dark Reading".
Dark Reading
Rising 'Firebrick Ostrich' BEC Group Launches Industrial-Scale Cyberattacks
The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.
π΄ 6 Examples of the Evolution of a Scam Site π΄
π Read
via "Dark Reading".
Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.π Read
via "Dark Reading".
Dark Reading
6 Examples of the Evolution of a Scam Site
Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.
π1
βΌ CVE-2022-36401 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet Γ’β¬β For WooCommerce plugin <= 1.3.24 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0253 βΌ
π Read
via "National Vulnerability Database".
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48113 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3560 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48082 βΌ
π Read
via "National Vulnerability Database".
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45067 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0576 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte DB: v2.17.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24574 βΌ
π Read
via "National Vulnerability Database".
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46842 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48140 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48130 βΌ
π Read
via "National Vulnerability Database".
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46815 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40692 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48114 βΌ
π Read
via "National Vulnerability Database".
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.π Read
via "National Vulnerability Database".