βΌ CVE-2023-1909 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-23761 βΌ
π Read
via "National Vulnerability Database".
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gistΓ’β¬β’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1940 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1942 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1941 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23762 βΌ
π Read
via "National Vulnerability Database".
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before itΓ’β¬β’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
π΄ Almost Half of Former Employees Say Their Passwords Still Work π΄
π Read
via "Dark Reading".
It's not hacking if organizations fail to terminate password access after employees leave.π Read
via "Dark Reading".
Dark Reading
Almost Half of Former Employees Say Their Passwords Still Work
It's not hacking if organizations fail to terminate password access after employees leave.
βΌ CVE-2023-1801 βΌ
π Read
via "National Vulnerability Database".
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27033 βΌ
π Read
via "National Vulnerability Database".
Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().π Read
via "National Vulnerability Database".
βΌ CVE-2023-27180 βΌ
π Read
via "National Vulnerability Database".
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43309 βΌ
π Read
via "National Vulnerability Database".
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.π Read
via "National Vulnerability Database".
β Apple issues emergency patches for spyware-style 0-day exploits β update now! β
π Read
via "Naked Security".
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-1956 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1954 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1959 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1955 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1958 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1953 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30450 βΌ
π Read
via "National Vulnerability Database".
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.π Read
via "National Vulnerability Database".
β Popular server-side JavaScript security sandbox βvm2β patches remote execution hole β
π Read
via "Naked Security".
The security error was in the error handling system that was supposed to catch potential security errors...π Read
via "Naked Security".
Naked Security
Popular server-side JavaScript security sandbox βvm2β patches remote execution hole
The security error was in the error handling system that was supposed to catch potential security errorsβ¦