🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Shein Shopping App Glitch Copies Android Clipboard Contents 🕴

The Android app unnecessarily accessed clipboard device contents, which often includes passwords and other sensitive data.

📖 Read

via "Dark Reading".
Dark Reading
Shein Shopping App Glitch Copies Android Clipboard Contents
The Android app unnecessarily accessed clipboard device contents, which often includes passwords and other sensitive data.
277 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36394 ‼

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

📖 Read

via "National Vulnerability Database".
240 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36393 ‼

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.

📖 Read

via "National Vulnerability Database".
216 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-42248 ‼

QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.

📖 Read

via "National Vulnerability Database".
208 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24736 ‼

PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.

📖 Read

via "National Vulnerability Database".
184 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24734 ‼

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24735 ‼

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36398 ‼

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

📖 Read

via "National Vulnerability Database".
151 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36400 ‼

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

📖 Read

via "National Vulnerability Database".
150 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-0093 ‼

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

📖 Read

via "National Vulnerability Database".
149 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24733 ‼

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36396 ‼

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

📖 Read

via "National Vulnerability Database".
147 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36392 ‼

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.

📖 Read

via "National Vulnerability Database".
151 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36399 ‼

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

📖 Read

via "National Vulnerability Database".
156 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36713 ‼

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.

📖 Read

via "National Vulnerability Database".
166 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-26601 ‼

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).

📖 Read

via "National Vulnerability Database".
168 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-1161 ‼

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

📖 Read

via "National Vulnerability Database".
173 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-36395 ‼

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

📖 Read

via "National Vulnerability Database".
181 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24737 ‼

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.

📖 Read

via "National Vulnerability Database".
199 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-26949 ‼

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-24217 ‼

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

📖 Read

via "National Vulnerability Database".
220 views