‼ CVE-2023-1062 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability.
‼ CVE-2023-1059 ‼
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.
🕴 As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan 🕴
via "Dark Reading".
Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy.
‼ CVE-2021-32302 ‼
via "National Vulnerability Database".
A cross-site scripting vulnerability in the IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter.
‼ CVE-2023-23108 ‼
via "National Vulnerability Database".
In crasm 1.8-3, insufficient validation of input files passed to the command-line application can lead to a NULL pointer dereference in the function Xasc.
‼ CVE-2022-34908 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
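The A4N token bug above is the failure mode of "every handler checks for itself": the one handler that forgets the check exposes its data to anyone who knows the endpoint. The example below is added here and is not A4N's code; the routes, the token store, the `Authorization` header name and the response shapes are all assumptions. It contrasts a per-handler check that one route omits with a dispatcher that denies by default and skips the check only for routes explicitly registered as public.

```python
import hmac

# Constructed for the example: session tokens the server issued at login.
VALID_TOKENS = {"tok-alice"}


def _token_ok(headers):
    """Constant-time comparison of the presented token against issued ones."""
    token = headers.get("Authorization", "")
    return any(hmac.compare_digest(token.encode(), t.encode()) for t in VALID_TOKENS)


def vulnerable_dispatch(path, headers):
    """Vulnerable pattern: each handler is responsible for its own auth check."""
    if path == "/profile":
        if not _token_ok(headers):
            return 401, None
        return 200, {"user": "alice"}
    if path == "/report":
        # The check was forgotten here, so an unauthenticated request gets data.
        return 200, {"rows": [1, 2, 3]}
    return 404, None


# Hardened pattern: handlers never see a request that has not passed auth,
# unless the route is explicitly listed as public.
PUBLIC_ROUTES = {"/login"}


def _profile(headers):
    return {"user": "alice"}


def _report(headers):
    return {"rows": [1, 2, 3]}


def _login(headers):
    return {"hint": "POST credentials"}


ROUTES = {"/profile": _profile, "/report": _report, "/login": _login}


def hardened_dispatch(path, headers):
    """Deny by default: the token is enforced once, before any handler runs."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, None
    if path not in PUBLIC_ROUTES and not _token_ok(headers):
        return 401, None
    return 200, handler(headers)


if __name__ == "__main__":
    print(vulnerable_dispatch("/report", {}))   # data served with no token
    print(hardened_dispatch("/report", {}))     # (401, None)
```

The useful property of the second shape is that adding a new route cannot silently weaken the policy: a forgotten entry in `PUBLIC_ROUTES` makes a public page require a token, which users notice immediately, whereas a forgotten check in the first shape makes private data public, which nobody notices until an attacker does.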
‼ CVE-2023-23080 ‼
via "National Vulnerability Database".
Certain Tenda products are vulnerable to command injection. Affected: Tenda CP7 <= V11.10.00.2211041403, Tenda CP3 v.10 <= V20220906024_2025, Tenda IT7-PCS <= V2209020914, Tenda IT7-LCS <= V2209020914, and Tenda IT7-PRS <= V2209020908.
‼ CVE-2023-24206 ‼
via "National Vulnerability Database".
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
‼ CVE-2022-34910 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.
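The cleartext-password entry above is a storage bug rather than a transport one: anyone who can read the local database file on a shared device reads every account. The example below is added here and is not A4N's code; the table layout, the use of sqlite3, and PBKDF2-HMAC-SHA256 as the password hash are assumptions. It stores one account the vulnerable way and one the hardened way, and shows what a dump of the table yields in each case.

```python
import hashlib
import hmac
import os
import sqlite3

# Iteration count follows current OWASP guidance for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def create_db():
    """In-memory stand-in (constructed) for the app's local account database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (user TEXT PRIMARY KEY, secret TEXT)")
    return conn


def store_cleartext(conn, user, password):
    """Vulnerable pattern: the password itself is the stored secret."""
    conn.execute("INSERT INTO accounts VALUES (?, ?)", (user, password))


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def store_hashed(conn, user, password):
    """Hardened pattern: a random per-user salt plus a slow hash, password discarded."""
    salt = os.urandom(16)
    digest = _hash(password, salt)
    conn.execute("INSERT INTO accounts VALUES (?, ?)",
                 (user, salt.hex() + "$" + digest.hex()))


def verify_hashed(conn, user, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    row = conn.execute("SELECT secret FROM accounts WHERE user = ?", (user,)).fetchone()
    if row is None:
        return False
    salt_hex, digest_hex = row[0].split("$", 1)
    return hmac.compare_digest(_hash(password, bytes.fromhex(salt_hex)),
                               bytes.fromhex(digest_hex))


def dump_secrets(conn):
    """What an attacker who copies the database file gets to see."""
    return [r[0] for r in conn.execute("SELECT secret FROM accounts ORDER BY user")]


if __name__ == "__main__":
    conn = create_db()
    store_cleartext(conn, "alice", "hunter2")
    store_hashed(conn, "bob", "hunter2")
    for secret in dump_secrets(conn):
        print(secret)   # alice's row reveals the password; bob's does not
```

The salt is what stops an attacker who obtains the file from attacking every row with one precomputed table, and the iteration count is what makes each guess expensive; neither helps if the application also keeps the password elsewhere (logs, preferences, a "remember me" field), so the fix is to find every place the cleartext was written, not only this table.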
‼ CVE-2023-1068 ‼
via "National Vulnerability Database".
The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
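The missing-nonce bug above is the standard CSRF shape: the browser attaches the administrator's session cookie to a request that the attacker's page triggered, and a settings handler without a nonce check cannot tell it from a legitimate one. The example below is added here and is not the plugin's or WordPress's code; the session identifier, the action name `update_options`, the `_nonce` form field and the settings dict are assumptions. It binds a token to both the session and the action, in the spirit of WordPress nonces, and shows the hardened handler rejecting a forged request that lacks the token or carries one minted for a different action.

```python
import hashlib
import hmac
import secrets

# Constructed for the example: a server-side secret that the attacker's page
# cannot read. Per-user secrets would bind the token to the user as well.
SERVER_SECRET = secrets.token_bytes(32)


def make_token(session_id, action):
    """Token bound to the caller's session and to one specific action."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def check_token(session_id, action, token):
    """Constant-time verification; a missing or non-string token fails closed."""
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(make_token(session_id, action).encode(), token.encode())


def vulnerable_update(settings, session_id, form):
    """Vulnerable pattern: any request carrying the admin's cookie is honoured."""
    settings.update(form.get("options", {}))
    return True


def hardened_update(settings, session_id, form):
    """Hardened pattern: refuse unless the form carries a token for this action."""
    if not check_token(session_id, "update_options", form.get("_nonce")):
        return False
    settings.update(form.get("options", {}))
    return True


if __name__ == "__main__":
    forged = {"options": {"link_text": "evil"}}          # what a cross-site form can send
    settings = {}
    print(vulnerable_update(settings, "sess-admin", forged), settings)   # True {...}
    settings = {}
    print(hardened_update(settings, "sess-admin", forged), settings)     # False {}
    legit = {"options": {"link_text": "ok"},
             "_nonce": make_token("sess-admin", "update_options")}       # embedded in the real admin page
    print(hardened_update(settings, "sess-admin", legit), settings)      # True {...}
```

The attacker's page can make the victim's browser send the cookie, but it cannot read the admin page to copy the nonce out of it, which is the whole asymmetry the check relies on. Real WordPress nonces also roll over on a time tick, which this example omits; it also does not replace a capability check (is this user allowed to change settings at all), which belongs alongside the nonce check, not instead of it.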
‼ CVE-2023-1067 ‼
via "National Vulnerability Database".
Stored cross-site scripting (XSS) in the GitHub repository pimcore/pimcore prior to 10.5.18.
‼ CVE-2022-34909 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.
‼ CVE-2023-23109 ‼
via "National Vulnerability Database".
In crasm 1.8-3, insufficient validation of input files passed to the command-line application can lead to a divide-by-zero fault in the function opdiv.
🗓️ Password managers: A rough guide to enterprise secret platforms 🗓️
via "The Daily Swig".
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more.
🕴 How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever 🕴
via "Dark Reading".
Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it.
‼ CVE-2023-0487 ‼
via "National Vulnerability Database".
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high-privilege users such as admin.
‼ CVE-2023-24653 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.
‼ CVE-2023-22860 ‼
via "National Vulnerability Database".
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.
‼ CVE-2023-23157 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.
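The four stored XSS entries on this page (the IRZ RUH2 router, pimcore, IBM Cloud Pak for Business Automation, and the Art Gallery Management System fullname parameter) share one root cause: stored input is written back into HTML without encoding for the context it lands in. The example below is added here and is not code from any of those products; the enquiry-listing markup, the `fullname` and `message` fields, and the payloads are assumptions. It renders a stored record both unescaped and escaped, covering the text-node and attribute-value contexts, and audits the output with Python's html.parser to confirm that no script element or event-handler attribute survives.

```python
import html
from html.parser import HTMLParser


def render_enquiry_vulnerable(fullname, message):
    """Vulnerable pattern: stored values pasted straight into the page."""
    return f'<tr><td>{fullname}</td><td><input value="{message}"></td></tr>'


def render_enquiry_hardened(fullname, message):
    """Hardened pattern: encode for the context the value is rendered in.

    html.escape(quote=True) also turns " and ' into entities, so a value placed
    inside a quoted attribute cannot close the quote and add new attributes.
    """
    return (f'<tr><td>{html.escape(fullname)}</td>'
            f'<td><input value="{html.escape(message, quote=True)}"></td></tr>')


class _ScriptAudit(HTMLParser):
    """Records script elements and on* attributes the browser would execute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")


def audit(rendered):
    """Return the list of active-content findings in a rendered fragment."""
    parser = _ScriptAudit()
    parser.feed(rendered)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    # Constructed payloads: one for the text context, one that breaks out of an attribute.
    name = "<script>alert(1)</script>"
    msg = '" autofocus onfocus="alert(1)'
    print(audit(render_enquiry_vulnerable(name, msg)))   # ['script tag', 'event handler onfocus']
    print(audit(render_enquiry_hardened(name, msg)))     # []
```

The audit is a test aid, not a defence: a deny-list of tag and attribute names will always miss something (a `javascript:` URL in an `href`, for instance), whereas encoding on output is exhaustive for the two contexts shown. Values that land in a URL, a `<script>` block or inline CSS each need their own encoder, which is why template engines that auto-escape per context are the practical answer for a PHP or Java UI.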
‼ CVE-2023-24656 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.
‼ CVE-2023-24652 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create Ticket function.