βΌ CVE-2023-24219 βΌ
π Read
via "National Vulnerability Database".
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24220 βΌ
π Read
via "National Vulnerability Database".
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0887 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0882 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse.This issue affects Single Connect: 2.16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24078 βΌ
π Read
via "National Vulnerability Database".
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0883 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23695 βΌ
π Read
via "National Vulnerability Database".
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24221 βΌ
π Read
via "National Vulnerability Database".
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.π Read
via "National Vulnerability Database".
β S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep122: Stop calling every breach βsophisticatedβ! [Audio + Text]
Latest episode β listen now! (Full transcript inside.)
βΌ CVE-2022-32972 βΌ
π Read
via "National Vulnerability Database".
Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23586 βΌ
π Read
via "National Vulnerability Database".
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uringπ Read
via "National Vulnerability Database".
βΌ CVE-2022-40032 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40347 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.π Read
via "National Vulnerability Database".
π΄ AppSec Threats Deserve Their Own Incident Response Plan π΄
π Read
via "Dark Reading".
With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.π Read
via "Dark Reading".
Dark Reading
AppSec Threats Deserve Their Own Incident Response Plan
With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.
ποΈ HTTP request smuggling bug patched in HAProxy ποΈ
π Read
via "The Daily Swig".
Exploitation could enable attackers to access backend serversπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
π1
π Faraday 4.3.3 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 4.3.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-47986 βΌ
π Read
via "National Vulnerability Database".
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24329 βΌ
π Read
via "National Vulnerability Database".
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45701 βΌ
π Read
via "National Vulnerability Database".
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29168 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23007 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.π Read
via "National Vulnerability Database".