‼ CVE-2023-23080 ‼
via "National Vulnerability Database".
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 <= V11.10.00.2211041403, Tenda CP3 v.10 <= V20220906024_2025, Tenda IT7-PCS <= V2209020914, Tenda IT7-LCS <= V2209020914, and Tenda IT7-PRS <= V2209020908.
‼ CVE-2023-24206 ‼
via "National Vulnerability Database".
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
‼ CVE-2022-34910 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.
‼ CVE-2023-1068 ‼
via "National Vulnerability Database".
The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
‼ CVE-2023-1067 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
‼ CVE-2022-34909 ‼
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.
‼ CVE-2023-23109 ‼
via "National Vulnerability Database".
In crasm 1.8-3, invalid input validation of specific files passed to the command-line application can lead to a divide-by-zero fault in the function opdiv.
🗓️ Password managers: A rough guide to enterprise secret platforms 🗓️
via "The Daily Swig".
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more.
🕴 How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever 🕴
via "Dark Reading".
Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it.
‼ CVE-2023-0487 ‼
via "National Vulnerability Database".
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high-privilege users such as admin.
‼ CVE-2023-24653 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.
‼ CVE-2023-22860 ‼
via "National Vulnerability Database".
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.
‼ CVE-2023-23157 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.
‼ CVE-2023-24656 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.
‼ CVE-2023-24652 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function.
‼ CVE-2023-24654 ‼
via "National Vulnerability Database".
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function.
‼ CVE-2023-25231 ‼
via "National Vulnerability Database".
Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.
‼ CVE-2023-26042 ‼
via "National Vulnerability Database".
Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds; please upgrade to Part-DB 1.0.2 or later.
‼ CVE-2023-26758 ‼
via "National Vulnerability Database".
Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService.
‼ CVE-2023-26759 ‼
via "National Vulnerability Database".
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component.
‼ CVE-2023-27264 ‼
via "National Vulnerability Database".
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.