‼ CVE-2022-4289 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users.
‼ CVE-2023-0623 ‼
via "National Vulnerability Database".
Cscape Envision RV version 4.60 contains an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.
‼ CVE-2022-3758 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, and all versions starting from 15.9 before 15.9.2. Due to improper permission checks, an unauthorised user was able to read, add, or edit a user's private snippet.
‼ CVE-2022-3767 ‼
via "National Vulnerability Database".
Missing validation in the DAST analyzer, affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request regardless of the host.
🕴 Proposed FCC Rule Redefines Data Breaches for Communications Carriers 🕴
via "Dark Reading".
If the proposed rule is approved, organizations would need to disclose all data breaches, even ones that do not cause any harm, to affected customers.
‼ CVE-2023-1310 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability.
‼ CVE-2023-1091 ‼
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01.
‼ CVE-2023-1309 ‼
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The manipulation of the argument input leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222697 was assigned to this vulnerability.
‼ CVE-2023-1311 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699.
‼ CVE-2023-1308 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696.
🛠 Packet Fence 12.2.0 🛠
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
🕴 Make Sure Your Cybersecurity Budget Stays Flexible 🕴
via "Dark Reading".
CISOs' ability to pivot tight budgets is key to defense plans that can stand up to attackers.
‼ CVE-2023-24774 ‼
via "National Vulnerability Database".
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.
‼ CVE-2023-26464 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on a JRE older than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
⚠ S3 Ep125: When security hardware has security holes [Audio + Text] ⚠
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)
‼ CVE-2023-27161 ‼
via "National Vulnerability Database".
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
‼ CVE-2021-33360 ‼
via "National Vulnerability Database".
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).
‼ CVE-2022-48111 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400, versions 8 through 11 inclusive, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.
‼ CVE-2023-1322 ‼
via "National Vulnerability Database".
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.
‼ CVE-2023-1320 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
‼ CVE-2023-0746 ‼
via "National Vulnerability Database".
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could coerce a user into inserting malicious JavaScript code into the URI, which could lead to reflected cross-site scripting.