โผ CVE-2023-1133 โผ
๐ Read
via "National Vulnerability Database".
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1140 โผ
๐ Read
via "National Vulnerability Database".
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1135 โผ
๐ Read
via "National Vulnerability Database".
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1145 โผ
๐ Read
via "National Vulnerability Database".
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1142 โผ
๐ Read
via "National Vulnerability Database".
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-22707 โผ
๐ Read
via "National Vulnerability Database".
Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift รขโฌโ animation and page builder blocks plugin <= 4.9.9 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27296 โผ
๐ Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26958 โผ
๐ Read
via "National Vulnerability Database".
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1655 โผ
๐ Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.๐ Read
via "National Vulnerability Database".
โ Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store โ
๐ Read
via "Naked Security".
Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.๐ Read
via "Naked Security".
Sophos News
Naked Security โ Sophos News
๐ด Drive to Pervasive Encryption Boosts Key Management ๐ด
๐ Read
via "Dark Reading".
Key vaults, aka key management as a service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control.๐ Read
via "Dark Reading".
Dark Reading
Drive to Pervasive Encryption Boosts Key Management
Key vaults, aka key-management-as-a-service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control.
๐ด 7 Women Leading the Charge in Cybersecurity Research & Analysis ๐ด
๐ Read
via "Dark Reading".
From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.๐ Read
via "Dark Reading".
Dark Reading
7 Women Leading the Charge in Cybersecurity Research & Analysis
From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.
โผ CVE-2023-0589 โผ
๐ Read
via "National Vulnerability Database".
The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0498 โผ
๐ Read
via "National Vulnerability Database".
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0660 โผ
๐ Read
via "National Vulnerability Database".
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0441 โผ
๐ Read
via "National Vulnerability Database".
The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0336 โผ
๐ Read
via "National Vulnerability Database".
The OoohBoi Steroids for Elementor WordPress plugin through 2.1.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0495 โผ
๐ Read
via "National Vulnerability Database".
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0955 โผ
๐ Read
via "National Vulnerability Database".
The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27245 โผ
๐ Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1093 โผ
๐ Read
via "National Vulnerability Database".
The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack๐ Read
via "National Vulnerability Database".