πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Google engineers plot to mitigate prototype pollution πŸ—“οΈ

Plan to create boundary between JavaScript objects and their blueprints gathers momentum

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google engineers plot to mitigate prototype pollution
Plan to create boundary between JavaScript objects and their blueprints gathers momentum
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  GNUnet P2P Framework 0.19.3 πŸ› 

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.19.3 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
294 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24200 β€Ό

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.

πŸ“– Read

via "National Vulnerability Database".
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24192 β€Ό

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.

πŸ“– Read

via "National Vulnerability Database".
240 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48078 β€Ό

pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode.

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24198 β€Ό

Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.

πŸ“– Read

via "National Vulnerability Database".
213 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24197 β€Ό

Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.

πŸ“– Read

via "National Vulnerability Database".
207 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24202 β€Ό

Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.

πŸ“– Read

via "National Vulnerability Database".
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24194 β€Ό

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
221 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24195 β€Ό

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.

πŸ“– Read

via "National Vulnerability Database".
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24191 β€Ό

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24276 β€Ό

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

πŸ“– Read

via "National Vulnerability Database".
270 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24201 β€Ό

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.

πŸ“– Read

via "National Vulnerability Database".
303 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24199 β€Ό

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.

πŸ“– Read

via "National Vulnerability Database".
313 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48019 β€Ό

The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.

πŸ“– Read

via "National Vulnerability Database".
359 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto ⚠

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

πŸ“– Read

via "Naked Security".
Naked Security
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
Hear renowned cybersecurity author Andy Greenberg’s thoughtful commentary about the β€œwar on crypto” as we talk to him about his new book…
374 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47071 β€Ό

In NVS365 V01, the background network test function can trigger command execution.

πŸ“– Read

via "National Vulnerability Database".
345 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36660 β€Ό

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.

πŸ“– Read

via "National Vulnerability Database".
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Patching & Passwords Lead the Problem Pack for Cyber-Teams πŸ•΄

Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.

πŸ“– Read

via "Dark Reading".
Dark Reading
Patching & Passwords Lead the Problem Pack for Cyber-Teams
Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.
345 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cybercrime Shows No Signs of Slowing Down πŸ•΄

Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cybercrime Shows No Signs of Slowing Down
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.
πŸ”₯3
314 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2933 β€Ό

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

πŸ“– Read

via "National Vulnerability Database".
247 views