βΌ CVE-2022-3568 βΌ
π Read
via "National Vulnerability Database".
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23626 βΌ
π Read
via "National Vulnerability Database".
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24569 βΌ
π Read
via "National Vulnerability Database".
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.π Read
via "National Vulnerability Database".
ποΈ Deserialized web security roundup: KeePass dismisses βvulnerabilityβ report, OpenSSL gets patched, and Reddit admits phishing hack ποΈ
π Read
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity newsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Deserialized web security roundup: KeePass dismisses βvulnerabilityβ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
βΌ CVE-2023-24349 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24230 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24352 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24348 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24344 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24347 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24343 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24350 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24231 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24234 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24233 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24232 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10077 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4903 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24351 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24346 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24345 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.π Read
via "National Vulnerability Database".