‼ CVE-2023-1002 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1006 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0998 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22425 ‼
📖 Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48345 ‼
📖 Read
via "National Vulnerability Database".
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1004 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
🗓️ Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption 🗓️
📖 Read
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
‼ CVE-2023-1009 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25691 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25692 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0595 ‼
📖 Read
via "National Vulnerability Database".
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1007 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1008 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25696 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1010 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25693 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25956 ‼
📖 Read
via "National Vulnerability Database".
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4105 ‼
📖 Read
via "National Vulnerability Database".
Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.📖 Read
via "National Vulnerability Database".
🕴 To Safeguard Critical Infrastructure, Go Back to Basics 🕴
📖 Read
via "Dark Reading".
CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks.📖 Read
via "Dark Reading".
Dark Reading
To Safeguard Critical Infrastructure, Go Back to Basics
CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks.
🕴 TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount 🕴
📖 Read
via "Dark Reading".
Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.📖 Read
via "Dark Reading".
Dark Reading
TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount
Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.
‼ CVE-2021-35369 ‼
📖 Read
via "National Vulnerability Database".
Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.📖 Read
via "National Vulnerability Database".