CVE-2023-1244
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1237
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1241
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1245
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
Cyber Security Works to Rebrand As Securin Inc.
via "Dark Reading".
Securin Inc. will provide tech-enabled security solutions, vulnerability intelligence and deep domain expertise.
Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems
via "Dark Reading".
The health, manufacturing, and energy sectors are the most vulnerable to ransomware.
CVE-2023-26955
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.
CVE-2020-36669
via "National Vulnerability Database".
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.
CVE-2021-44197
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126.
CVE-2023-26954
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.
CVE-2021-4330
via "National Vulnerability Database".
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.
CVE-2020-36668
via "National Vulnerability Database".
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.
CVE-2021-44196
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126.
CVE-2020-36667
via "National Vulnerability Database".
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including, 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to change the location of back-ups and potentially steal sensitive information from them.
Delinea Adds New features for its Privilege Manager and DevOps Secrets Vault
via "Dark Reading".
REDWOOD CITY, Calif., March 7, 2023 /PRNewswire/ -- Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced new features for its Privilege Manager and DevOps Secrets Vault products. Updates to both…
Remcos RAT Spyware Scurries Into Machines via Cloud Servers
via "Dark Reading".
Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.
CVE-2023-27522
via "National Vulnerability Database".
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
CVE-2023-1254
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484.
CVE-2023-25690
via "National Vulnerability Database".
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
CVE-2021-4332
via "National Vulnerability Database".
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.