βΌ CVE-2021-45423 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27010 βΌ
π Read
via "National Vulnerability Database".
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1378 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This vulnerability affects unknown code of the file paypalsuccess.php of the component POST Parameter Handler. The manipulation of the argument cusid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222904.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27580 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all usersΓ’β¬β’ hashed passwords should be updated (saved to the database). There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25279 βΌ
π Read
via "National Vulnerability Database".
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0973 βΌ
π Read
via "National Vulnerability Database".
STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash.π Read
via "National Vulnerability Database".
π΄ 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware
BENGALURU, March 10 β CloudSEK researchers have detected an increase of 200-300% month-on-month in YouTube videos containing links to stealer malware such as Vidar, RedLine, and Raccoon in their descriptions since November 2022.
π΄ SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital π΄
π Read
via "Dark Reading".
The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.π Read
via "Dark Reading".
Dark Reading
SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital
The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.
βΌ CVE-2023-25802 βΌ
π Read
via "National Vulnerability Database".
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0353 βΌ
π Read
via "National Vulnerability Database".
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0350 βΌ
π Read
via "National Vulnerability Database".
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24279 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23790 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27501 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-26460 βΌ
π Read
via "National Vulnerability Database".
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-27500 βΌ
π Read
via "National Vulnerability Database".
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2022-47595 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47163 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database Γ’β¬β Insert CSV file content into WordPress plugin <= 2.6 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47443 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23791 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.π Read
via "National Vulnerability Database".