βΌ CVE-2023-1792 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-1794 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input "><script>alert(233)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1π₯1
βΌ CVE-2023-26119 βΌ
π Read
via "National Vulnerability Database".
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attackerΓ’β¬β’s webpage.π Read
via "National Vulnerability Database".
π΄ 4 Steps for Shifting Left & Winning the Cybersecurity Battle π΄
π Read
via "Dark Reading".
If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.π Read
via "Dark Reading".
Dark Reading
4 Steps for Shifting Left & Winning the Cybersecurity Battle
If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.
βΌ CVE-2023-26529 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.π Read
via "National Vulnerability Database".
π΄ Name That Edge Toon: Tower of Babble π΄
π Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: Tower of Babble
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ How Good Is Your Advanced Threat Management? π΄
π Read
via "Dark Reading".
Whether protecting a financial institution or a hospital, everyone needs an effective strategy for fending off slippery threats like those that hide in memory.π Read
via "Dark Reading".
Dark Reading
How Good Is Your Advanced Threat Management?
Whether protecting a financial institution or a hospital, everyone needs an effective strategy for fending off slippery threats like those that hide in memory.
βΌ CVE-2022-38922 βΌ
π Read
via "National Vulnerability Database".
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27665 βΌ
π Read
via "National Vulnerability Database".
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28625 βΌ
π Read
via "National Vulnerability Database".
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1766 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1377 βΌ
π Read
via "National Vulnerability Database".
The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1765 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0399 βΌ
π Read
via "National Vulnerability Database".
The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1330 βΌ
π Read
via "National Vulnerability Database".
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38923 βΌ
π Read
via "National Vulnerability Database".
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0820 βΌ
π Read
via "National Vulnerability Database".
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1124 βΌ
π Read
via "National Vulnerability Database".
The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.π Read
via "National Vulnerability Database".
βοΈ A Serial Tech Investment Scammer Takes Up Coding? βοΈ
π Read
via "Krebs on Security".
John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies' newest invention appears to be "CodesToYou," which purports to be a "full cycle software development company" based in the U.K.π Read
via "Krebs on Security".
Krebs on Security
A Serial Tech Investment Scammer Takes Up Coding?
John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to beβ¦
π₯1
β Researchers claim they can bypass Wi-Fi encryption (briefly, at least) β
π Read
via "Naked Security".
They can't read much of your data, but even a few stray network packets could tell them something they're not supposed to know.π Read
via "Naked Security".
Naked Security
Researchers claim they can bypass Wi-Fi encryption (briefly, at least)
They canβt read much of your data, but even a few stray network packets could tell them something theyβre not supposed to know.
π€1
β World Backup Day is here again β 5 tips to keep your precious data safe β
π Read
via "Naked Security".
The only backup you will ever regret is the one you didn't make...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News