βΌ CVE-2020-36670 βΌ
π Read
via "National Vulnerability Database".
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4333 βΌ
π Read
via "National Vulnerability Database".
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10087 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4331 βΌ
π Read
via "National Vulnerability Database".
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).π Read
via "National Vulnerability Database".
βΌ CVE-2023-26953 βΌ
π Read
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.π Read
via "National Vulnerability Database".
β DoppelPaymer ransomware supsects arrested in Germany and Ukraine β
π Read
via "Naked Security".
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in DΓΌsseldorf.π Read
via "Naked Security".
Naked Security
DoppelPaymer ransomware supsects arrested in Germany and Ukraine
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in DΓΌsseldorf.
π΄ Scams Security Pros Almost Fell For π΄
π Read
via "Dark Reading".
By working together as an industry, we can develop the technologies needed to account for human error.π Read
via "Dark Reading".
Dark Reading
Scams Security Pros Almost Fell For
By working together as an industry, we can develop the technologies needed to account for human error.
π΄ 99% of Cybersecurity Leaders Are Stressed About Email Security π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
99% of Cybersecurity Leaders Are Stressed About Email Security
LONDON, UK / March 7, 2023 - Egress, a cybersecurity company that provides intelligent email security, today released its Email Security Risk Report 2023. The report uncovers findings that demonstrate the prevalence of inbound and outbound email securityβ¦
π΄ Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour π΄
π Read
via "Dark Reading".
Third annual report identifies top security gaps and challenges for organizations operating in the cloud.π Read
via "Dark Reading".
Dark Reading
Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour
Third annual report identifies top security gaps and challenges for organizations operating in the cloud.
β Serious Security: TPM 2.0 vulns β is your super-secure data at risk? β
π Read
via "Naked Security".
Security bugs in the very code you've been told you must have to improve the security of your computer...π Read
via "Naked Security".
Naked Security
Serious Security: TPM 2.0 vulns β is your super-secure data at risk?
Security bugs in the very code youβve been told you must have to improve the security of your computerβ¦
π΄ Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears π΄
π Read
via "Dark Reading".
More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.π Read
via "Dark Reading".
Dark Reading
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.
π΄ ManageEngine Launches Security and Risk Posture Management in its SIEM Solution π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
ManageEngine Launches Security and Risk Posture Management in its SIEM Solution
LONDON, United Kingdomβ March 7, 2023 β ManageEngine, the enterprise IT management division of Zoho Corporation, today announced that it has added a security and risk posture management dashboard to Log360, its unified security information and event managementβ¦
βΌ CVE-2023-25223 βΌ
π Read
via "National Vulnerability Database".
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40676 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25611 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23776 βΌ
π Read
via "National Vulnerability Database".
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzerπ Read
via "National Vulnerability Database".
βΌ CVE-2023-25605 βΌ
π Read
via "National Vulnerability Database".
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27478 βΌ
π Read
via "National Vulnerability Database".
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42476 βΌ
π Read
via "National Vulnerability Database".
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41328 βΌ
π Read
via "National Vulnerability Database".
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45861 βΌ
π Read
via "National Vulnerability Database".
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.π Read
via "National Vulnerability Database".