π΄ Make Sure Your Cybersecurity Budget Stays Flexible π΄
π Read
via "Dark Reading".
CISOs' ability to pivot tight budgets is key to defense plans that can stand up to attackers.π Read
via "Dark Reading".
Dark Reading
Make Sure Your Cybersecurity Budget Stays Flexible
CISOs' ability to pivot tight budgets is key to defense plans that can stand up to attackers.
βΌ CVE-2023-24774 βΌ
π Read
via "National Vulnerability Database".
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26464 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
π1
β S3 Ep125: When security hardware has security holes [Audio + Text] β
π Read
via "Naked Security".
Lastest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep125: When security hardware has security holes [Audio + Text]
Lastest episode β listen now! (Full transcript inside.)
βΌ CVE-2023-27161 βΌ
π Read
via "National Vulnerability Database".
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33360 βΌ
π Read
via "National Vulnerability Database".
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-48111 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1322 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1320 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0746 βΌ
π Read
via "National Vulnerability Database".
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1317 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1319 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1315 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1316 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1321 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1318 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-27164 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.π Read
via "National Vulnerability Database".
π₯1
β SHEIN shopping app goes rogue, grabs price and URL data from your clipboard β
π Read
via "Naked Security".
It's not exactly data theft, but it's worrying close to "unintentional treachery" - apparently because it's great for marketing purposesπ Read
via "Naked Security".
Naked Security
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
Itβs not exactly data theft, but itβs worryingly close to βunintentional treacheryβ β apparently because itβs great for marketing purposes
π΄ Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping π΄
π Read
via "Dark Reading".
A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.π Read
via "Dark Reading".
Dark Reading
Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping
A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.
βΌ CVE-2023-27852 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27850 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.π Read
via "National Vulnerability Database".