🕴 Headwinds Don't Have to Be a Drag on Your Security Effectiveness 🕴
📖 Read
via "Dark Reading".
Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.📖 Read
via "Dark Reading".
Dark Reading
Headwinds Don't Have to Be a Drag on Your Security Effectiveness
Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.
‼ CVE-2022-43870 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41566 ‼
📖 Read
via "National Vulnerability Database".
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23040 ‼
📖 Read
via "National Vulnerability Database".
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43873 ‼
📖 Read
via "National Vulnerability Database".
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23039 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41567 ‼
📖 Read
via "National Vulnerability Database".
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0960 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41565 ‼
📖 Read
via "National Vulnerability Database".
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26214 ‼
📖 Read
via "National Vulnerability Database".
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43578 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683.📖 Read
via "National Vulnerability Database".
âš NPM JavaScript packages abused to create scambait links in bulk âš
📖 Read
via "Naked Security".
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!📖 Read
via "Naked Security".
Naked Security
NPM JavaScript packages abused to create scambait links in bulk
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
âš Coinbase breached by social engineers, employee data stolen âš
📖 Read
via "Naked Security".
Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🕴 US Military Emails Exposed via Cloud Account 🕴
📖 Read
via "Dark Reading".
A DoD email server hosted in the cloud (and now secured) had no password protection in place for at least two weeks.📖 Read
via "Dark Reading".
Dark Reading
US Military Emails Exposed via Cloud Account
A DoD email server hosted in the cloud (and now secured) had no password protection in place for at least two weeks.
‼ CVE-2023-0933 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24812 ‼
📖 Read
via "National Vulnerability Database".
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25154 ‼
📖 Read
via "National Vulnerability Database".
Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0931 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0964 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25813 ‼
📖 Read
via "National Vulnerability Database".
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0961 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.📖 Read
via "National Vulnerability Database".