βΌ CVE-2012-10007 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26093 βΌ
π Read
via "National Vulnerability Database".
Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48328 βΌ
π Read
via "National Vulnerability Database".
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-48329 βΌ
π Read
via "National Vulnerability Database".
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125088 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488.π Read
via "National Vulnerability Database".
βΌ CVE-2016-15025 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484.π Read
via "National Vulnerability Database".
βΌ CVE-2012-10008 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10080 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487.π Read
via "National Vulnerability Database".
βΌ CVE-2013-10019 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
ποΈ βMost web API flaws are missed by standard security testsβ β Corey J Ball on securing a neglected attack vector ποΈ
π Read
via "The Daily Swig".
API security is a βgreat gatewayβ into a pen testing career, advises specialist in the fieldπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
π΄ Modern Software: What's Really Inside? π΄
π Read
via "Dark Reading".
Open source has changed the software game from build or buy to assemble with care.π Read
via "Dark Reading".
Dark Reading
Modern Software: What's Really Inside?
Open source has changed the software game from build or buy to assemble with care.
π Falco 0.34.1 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.34.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π AIEngine 2.3.0 π
π Read
via "Packet Storm Security".
AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.π Read
via "Packet Storm Security".
Packetstormsecurity
AIEngine 2.3.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-25656 βΌ
π Read
via "National Vulnerability Database".
notation-go is a collection of libraries for supporting Notation sign, verify, push, pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures and the application will be finally killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24998 βΌ
π Read
via "National Vulnerability Database".
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25613 βΌ
π Read
via "National Vulnerability Database".
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25569 βΌ
π Read
via "National Vulnerability Database".
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25570 βΌ
π Read
via "National Vulnerability Database".
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25805 βΌ
π Read
via "National Vulnerability Database".
versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0.π Read
via "National Vulnerability Database".
β Twitter tells users: Pay up if you want to keep using insecure 2FA β
π Read
via "Naked Security".
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.π Read
via "Naked Security".
Naked Security
Twitter tells users: Pay up if you want to keep using insecure 2FA
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process thatβs not considered secure enough for everyone else.
π1
βΌ CVE-2022-48321 βΌ
π Read
via "National Vulnerability Database".
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.π Read
via "National Vulnerability Database".