CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
via "National Vulnerability Database".
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
via "National Vulnerability Database".
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.
via "National Vulnerability Database".
CVE-2023-23681
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.
via "National Vulnerability Database".
CVE-2023-25040
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.
via "National Vulnerability Database".
CVE-2023-24399
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.
via "National Vulnerability Database".
Stop Blaming the End User for Security Risk
Don't count on securing end users for system security. Instead, focus on better securing the systems — make them closed by default and build with a security-first approach.
via "Dark Reading".
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
Latest episode - listen now!
via "Naked Security".
CVE-2023-25076
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2023-1725
Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125.
via "National Vulnerability Database".
Socura Launches Managed SASE (MSASE) Service
SASE reduces security & connectivity costs and improves employee experience.
via "Dark Reading".
Supply chain blunder puts 3CX telephone app users at risk
Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.
via "Naked Security".
DataDome Closes $42M in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud
The investment will fund global commercial rollout and R&D efforts to debilitate fraudsters.
via "Dark Reading".
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.
via "National Vulnerability Database".
CVE-2023-24473
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
via "National Vulnerability Database".
Organizations Reassess Cyber Insurance as Self-Insurance Strategies Emerge
Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance.
via "Dark Reading".
CVE-2023-24472
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2022-30350
Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.
via "National Vulnerability Database".
CVE-2023-22845
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2022-30351
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.
via "National Vulnerability Database".
CVE-2022-43473
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
via "National Vulnerability Database".