CVE-2022-41134 (via National Vulnerability Database)
Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.
CVE-2023-22854 (via National Vulnerability Database)
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
CVE-2022-48077 (via National Vulnerability Database)
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.
CVE-2023-23553 (via National Vulnerability Database)
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
CVE-2022-3089 (via National Vulnerability Database)
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.
CVE-2023-23948 (via National Vulnerability Database)
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
CVE-2023-25159 (via National Vulnerability Database)
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.
CVE-2023-24804 (via National Vulnerability Database)
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app's internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.
CVE-2023-23551 (via National Vulnerability Database)
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0810 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
Russian Hackers Disrupt NATO Earthquake Relief Operations (via Dark Reading)
Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.
Healthcare in the Crosshairs of North Korean Cyber Operations (via Dark Reading)
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.
CVE-2023-24619 (via National Vulnerability Database)
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.
CVE-2022-48110 (via National Vulnerability Database)
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.
CVE-2023-25719 (via National Vulnerability Database)
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector.
CVE-2022-45285 (via National Vulnerability Database)
Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 are vulnerable to Cross Site Scripting (XSS).
CVE-2023-25717 (via National Vulnerability Database)
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CVE-2023-25718 (via National Vulnerability Database)
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provider, escalate privileges, or execute arbitrary commands in the context of the user. The attacker tampers with a trusted, signed executable in transit.
CVE-2023-24188 (via National Vulnerability Database)
ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability.
Accenture Acquires Morphus, Brazil-Based Cybersecurity Company (via Dark Reading)
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.
9 Scammers Busted for 5M Euro Phishing Fraud Ring (via Dark Reading)
The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.