π΄ Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It? π΄
π Read
via "Dark Reading".
Overcoming the obstacles of this security principle can mitigate the damages of an attack.π Read
via "Dark Reading".
Dark Reading
Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It?
Overcoming the obstacles of this security principle can mitigate the damages of an attack.
β S3 Ep124: When so-called security apps go rogue [Audio + Text] β
π Read
via "Naked Security".
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!π Read
via "Naked Security".
Naked Security
S3 Ep124: When so-called security apps go rogue [Audio + Text]
Rogue software packages. Rogue βsysadminsβ. Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
π1
βΌ CVE-2023-25358 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25360 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25363 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25536 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25362 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25361 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26780 βΌ
π Read
via "National Vulnerability Database".
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
π΄ Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets π΄
π Read
via "Dark Reading".
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service.π Read
via "Dark Reading".
Dark Reading
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service.
π₯1
π΄ What GoDaddy's Years-Long Breach Means for Millions of Clients π΄
π Read
via "Dark Reading".
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do.π Read
via "Dark Reading".
Dark Reading
What GoDaddy's Years-Long Breach Means for Millions of Clients
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do.
βΌ CVE-2023-26051 βΌ
π Read
via "National Vulnerability Database".
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26055 βΌ
π Read
via "National Vulnerability Database".
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-1156 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. The manipulation of the argument itr_no leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222220.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26471 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26474 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1157 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26472 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page `IconThemesCode.IconThemeSheet` by applying a modification from commit 48caf7491595238af2b531026a614221d5d61f38.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26475 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26470 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and make it unusable every time this document is manipulated. This issue has been patched in XWiki 14.0-rc-1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4328 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in ???CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223.π Read
via "National Vulnerability Database".