βΌ CVE-2023-0715 βΌ
π Read
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0684 βΌ
π Read
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0742 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0741 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43761 βΌ
π Read
via "National Vulnerability Database".
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0740 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0744 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2094 βΌ
π Read
via "National Vulnerability Database".
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0743 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.π Read
via "National Vulnerability Database".
π1
π΄ Why Some Cloud Services Vulnerabilities Are So Hard to Fix π΄
π Read
via "Dark Reading".
Five months after AWS customers were alerted about three vulnerabilities, nearly none had plugged the holes. The reasons why underline a need for change.π Read
via "Dark Reading".
Dark Reading
Why Some Cloud Services Vulnerabilities Are So Hard to Fix
Five months after AWS customers were alerted about three vulnerabilities, nearly none had plugged the holes. The reasons why underline a need for change.
π΄ How to Optimize Your Cyber Insurance Coverage π΄
π Read
via "Dark Reading".
From prevention and detection processes to how you handle policy information, having strong cyber insurance coverage can help mitigate cybersecurity attacks.π Read
via "Dark Reading".
Dark Reading
How to Optimize Your Cyber Insurance Coverage
From prevention and detection processes to how you handle policy information, having strong cyber insurance coverage can help mitigate cybersecurity attacks.
βΌ CVE-2022-43765 βΌ
π Read
via "National Vulnerability Database".
B&R APROL versions < R 4.2-07 doesnΓ’β¬β’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43764 βΌ
π Read
via "National Vulnerability Database".
Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43762 βΌ
π Read
via "National Vulnerability Database".
Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messagesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-43763 βΌ
π Read
via "National Vulnerability Database".
Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.π Read
via "National Vulnerability Database".
ποΈ DOM XSS vulnerability in Gartner Peer Insights widget patched ποΈ
π Read
via "The Daily Swig".
Web attack vector closed after failed fixπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
DOM XSS vulnerability in Gartner Peer Insights widget patched
Web attack vector closed after failed fix
π΄ Why ChatGPT Isn't a Death Sentence for Cyber Defenders π΄
π Read
via "Dark Reading".
Generative AI combined with user awareness training creates a security alliance that can let organizations work protected from ChatGPT.π Read
via "Dark Reading".
Dark Reading
Why ChatGPT Isn't a Death Sentence for Cyber Defenders
Generative AI combined with user awareness training creates a security alliance that can let organizations work protected from ChatGPT.
π1
βΌ CVE-2023-0747 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41620 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.π Read
via "National Vulnerability Database".
π Mandos Encrypted File System Unattended Reboot Utility 1.8.16 π
π Read
via "Packet Storm Security".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.π Read
via "Packet Storm Security".
Packetstormsecurity
Mandos Encrypted File System Unattended Reboot Utility 1.8.16 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenSSL Toolkit 1.1.1t π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1t β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers