โผ CVE-2023-0973 โผ
๐ Read
via "National Vulnerability Database".
STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash.๐ Read
via "National Vulnerability Database".
๐ด 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware
BENGALURU, March 10 โ CloudSEK researchers have detected an increase of 200-300% month-on-month in YouTube videos containing links to stealer malware such as Vidar, RedLine, and Raccoon in their descriptions since November 2022.
๐ด SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital ๐ด
๐ Read
via "Dark Reading".
The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.๐ Read
via "Dark Reading".
Dark Reading
SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital
The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.
โผ CVE-2023-25802 โผ
๐ Read
via "National Vulnerability Database".
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0353 โผ
๐ Read
via "National Vulnerability Database".
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0350 โผ
๐ Read
via "National Vulnerability Database".
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24279 โผ
๐ Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23790 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27501 โผ
๐ Read
via "National Vulnerability Database".
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26460 โผ
๐ Read
via "National Vulnerability Database".
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27500 โผ
๐ Read
via "National Vulnerability Database".
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2022-47595 โผ
๐ Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47163 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database รขโฌโ Insert CSV file content into WordPress plugin <= 2.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47443 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23791 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23857 โผ
๐ Read
via "National Vulnerability Database".
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27894 โผ
๐ Read
via "National Vulnerability Database".
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25615 โผ
๐ Read
via "National Vulnerability Database".
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24526 โผ
๐ Read
via "National Vulnerability Database".
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26457 โผ
๐ Read
via "National Vulnerability Database".
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.๐ Read
via "National Vulnerability Database".