βΌ CVE-2022-4661 βΌ
π Read
via "National Vulnerability Database".
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0219 βΌ
π Read
via "National Vulnerability Database".
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4652 βΌ
π Read
via "National Vulnerability Database".
The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
π΄ Hike in AI-Created YouTube Videos Loaded With Malware π΄
π Read
via "Dark Reading".
AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more.π Read
via "Dark Reading".
Dark Reading
AI-Created YouTube Videos Spread Around Malware
AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more.
π΄ Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures π΄
π Read
via "Dark Reading".
AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting.π Read
via "Dark Reading".
Dark Reading
Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures
AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting.
βΌ CVE-2021-45423 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27010 βΌ
π Read
via "National Vulnerability Database".
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1378 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This vulnerability affects unknown code of the file paypalsuccess.php of the component POST Parameter Handler. The manipulation of the argument cusid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222904.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27580 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all usersΓ’β¬β’ hashed passwords should be updated (saved to the database). There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25279 βΌ
π Read
via "National Vulnerability Database".
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0973 βΌ
π Read
via "National Vulnerability Database".
STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash.π Read
via "National Vulnerability Database".
π΄ 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware
BENGALURU, March 10 β CloudSEK researchers have detected an increase of 200-300% month-on-month in YouTube videos containing links to stealer malware such as Vidar, RedLine, and Raccoon in their descriptions since November 2022.
π΄ SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital π΄
π Read
via "Dark Reading".
The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.π Read
via "Dark Reading".
Dark Reading
SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital
The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.
βΌ CVE-2023-25802 βΌ
π Read
via "National Vulnerability Database".
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0353 βΌ
π Read
via "National Vulnerability Database".
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0350 βΌ
π Read
via "National Vulnerability Database".
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24279 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23790 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27501 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-26460 βΌ
π Read
via "National Vulnerability Database".
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identityπ Read
via "National Vulnerability Database".