CVE-2023-25159
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

CVE-2023-24804
via "National Vulnerability Database".
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app's internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.

CVE-2023-23551
via "National Vulnerability Database".
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-0810
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.

Russian Hackers Disrupt NATO Earthquake Relief Operations
via "Dark Reading".
Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.

Healthcare in the Crosshairs of North Korean Cyber Operations
via "Dark Reading".
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.

CVE-2023-24619
via "National Vulnerability Database".
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.

CVE-2022-48110
via "National Vulnerability Database".
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.

CVE-2023-25719
via "National Vulnerability Database".
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector.

CVE-2022-45285
via "National Vulnerability Database".
Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).

CVE-2023-25717
via "National Vulnerability Database".
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVE-2023-25718
via "National Vulnerability Database".
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provider, escalate privileges, or execute arbitrary commands in the context of the user. The attacker tampers with a trusted, signed executable in transit.

CVE-2023-24188
via "National Vulnerability Database".
ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability.

Accenture Acquires Morphus, Brazil-Based Cybersecurity Company
via "Dark Reading".
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.

9 Scammers Busted for 5M Euro Phishing Fraud Ring
via "Dark Reading".
The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.

Dark Web Revenue Down Dramatically After Hydra's Demise
via "Dark Reading".
Competitor markets working to replace Hydra's money-laundering services for cybercriminals.

CVE-2023-25162
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available.

CVE-2023-0818
via "National Vulnerability Database".
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.

CVE-2023-24647
via "National Vulnerability Database".
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.

CVE-2023-0817
via "National Vulnerability Database".
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

CVE-2015-10079
via "National Vulnerability Database".
A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751.