CVE-2023-23861
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions.
CVE-2022-47438
via "National Vulnerability Database".
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
CVE-2022-47433
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.
CVE-2022-38077
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
CVE-2022-48430
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2023.1, file content could be disclosed via an external stylesheet path in Markdown preview.
CVE-2022-48433
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2023.1, the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVE-2023-28158
via "National Vulnerability Database".
Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name, which lets them inject XSS content and gain privileges such as those of an admin user.
The CISO Mantra: Get Ready to Do More With Less
via "Dark Reading".
For the foreseeable future, with the spigots closing shut, CISOs will need to find ways to do more with less.
CVE-2023-28892
via "National Vulnerability Database".
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.
CVE-2023-26982
via "National Vulnerability Database".
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
CVE-2023-1680
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.
CVE-2023-1663
via "National Vulnerability Database".
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
CVE-2023-1575
via "National Vulnerability Database".
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Cops use fake DDoS services to take aim at wannabe cybercriminals
via "Naked Security".
Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!
Apple patches everything, including a zero-day fix for iOS 15 users
via "Naked Security".
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Using Observability to Power a Smarter Cybersecurity Strategy
via "Dark Reading".
With an infrastructure for observability, security teams can make better decisions about access and identity-based threats.
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits
via "Dark Reading".
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
CVE-2023-1704
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.
CVE-2023-1550
via "National Vulnerability Database".
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.
CVE-2023-26290
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.
CVE-2022-47596
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.