‼ CVE-2023-22636 ‼
via "National Vulnerability Database".
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted HTTP request.
🗓️ Chromium bug allowed SameSite cookie bypass on Android devices 🗓️
via "The Daily Swig".
Protections against cross-site request forgery could be bypassed
‼ CVE-2023-1056 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability.
‼ CVE-2023-1061 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability.
‼ CVE-2023-1054 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221820.
‼ CVE-2023-1063 ‼
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827.
‼ CVE-2023-1058 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823.
‼ CVE-2023-1057 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to SQL injection. VDB-221822 is the identifier assigned to this vulnerability.
‼ CVE-2023-1053 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819.
‼ CVE-2023-1062 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability.
‼ CVE-2023-1059 ‼
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.
🕴 As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan 🕴
via "Dark Reading".
Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy.
‼ CVE-2021-32302 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter.
‼ CVE-2023-23108 ‼
via "National Vulnerability Database".
In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.
‼ CVE-2022-34908 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
‼ CVE-2023-23080 ‼
via "National Vulnerability Database".
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.
‼ CVE-2023-24206 ‼
via "National Vulnerability Database".
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
‼ CVE-2022-34910 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.
‼ CVE-2023-1068 ‼
via "National Vulnerability Database".
The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
‼ CVE-2023-1067 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
‼ CVE-2022-34909 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.