βΌ CVE-2023-23626 βΌ
π Read
via "National Vulnerability Database".
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24569 βΌ
π Read
via "National Vulnerability Database".
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.π Read
via "National Vulnerability Database".
ποΈ Deserialized web security roundup: KeePass dismisses βvulnerabilityβ report, OpenSSL gets patched, and Reddit admits phishing hack ποΈ
π Read
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity newsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Deserialized web security roundup: KeePass dismisses βvulnerabilityβ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
βΌ CVE-2023-24349 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24230 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24352 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24348 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24344 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24347 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24343 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24350 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24231 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24234 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24233 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24232 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10077 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4903 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24351 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24346 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24345 βΌ
π Read
via "National Vulnerability Database".
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.π Read
via "National Vulnerability Database".
π΄ Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks π΄
π Read
via "Dark Reading".
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.π Read
via "Dark Reading".
Dark Reading
Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.