‼ CVE-2023-25807 ‼
via "National Vulnerability Database".
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.
‼ CVE-2023-25266 ‼
via "National Vulnerability Database".
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting to point to an arbitrary remote network path. This triggers the execution of the soffice binary under the attacker's control, leading to arbitrary remote code execution (RCE).
‼ CVE-2023-25265 ‼
via "National Vulnerability Database".
Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system.
‼ CVE-2023-26255 ‼
via "National Vulnerability Database".
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.
‼ CVE-2023-26256 ‼
via "National Vulnerability Database".
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
‼ CVE-2023-0461 ‼
via "National Vulnerability Database".
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, a user can install a TLS context (struct tls_context) on a connected TCP socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c.
‼ CVE-2022-47612 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
‼ CVE-2023-25264 ‼
via "National Vulnerability Database".
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments.
‼ CVE-2023-23865 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change.
‼ CVE-2022-47179 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.
🕴 Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist 🕴
via "Dark Reading".
The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into the cloud system.
🗓️ Bug Bounty Radar // The latest bug bounty programs for March 2023 🗓️
via "The Daily Swig".
New web targets for the discerning hacker
‼ CVE-2023-20948 ‼
via "National Vulnerability Database".
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-230630526.
‼ CVE-2023-27295 ‼
via "National Vulnerability Database".
Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited.
‼ CVE-2023-20932 ‼
via "National Vulnerability Database".
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-248251018.
‼ CVE-2023-20945 ‼
via "National Vulnerability Database".
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-246932269.
‼ CVE-2022-41724 ‼
via "National Vulnerability Database".
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
‼ CVE-2023-20946 ‼
via "National Vulnerability Database".
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-244423101.
‼ CVE-2023-25432 ‼
via "National Vulnerability Database".
An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php.
‼ CVE-2023-20937 ‼
via "National Vulnerability Database".
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257443051. References: Upstream kernel.
‼ CVE-2022-20551 ‼
via "National Vulnerability Database".
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-243376549.