🕴 Rethinking Cybersecurity's Structure & the Role of the Modern CISO 🕴
A CISO with a focused role will be better prepared to thrive in an organization and accelerate adoption and understanding of cybersecurity.
via "Dark Reading".
‼ CVE-2023-26860 ‼
SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allows a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.
via "National Vulnerability Database".
‼ CVE-2023-26774 ‼
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.
via "National Vulnerability Database".
‼ CVE-2020-36077 ‼
SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file.
via "National Vulnerability Database".
‼ CVE-2023-26788 ‼
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
via "National Vulnerability Database".
‼ CVE-2015-10099 ‼
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351.
via "National Vulnerability Database".
‼ CVE-2023-1426 ‼
The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscribers, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post.
via "National Vulnerability Database".
‼ CVE-2023-0874 ‼
The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
‼ CVE-2023-0363 ‼
The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
via "National Vulnerability Database".
‼ CVE-2023-0423 ‼
The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
via "National Vulnerability Database".
‼ CVE-2022-41976 ‼
A privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 that allows remote attackers, authenticated in the application as a low-privileged user, to change role (e.g., to administrator) by updating their user profile.
via "National Vulnerability Database".
‼ CVE-2023-0157 ‼
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.
via "National Vulnerability Database".
‼ CVE-2023-1478 ‼
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
via "National Vulnerability Database".
‼ CVE-2023-25392 ‼
Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.
via "National Vulnerability Database".
‼ CVE-2023-1120 ‼
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
‼ CVE-2023-0983 ‼
The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form.
via "National Vulnerability Database".
‼ CVE-2023-0605 ‼
The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
‼ CVE-2023-29376 ‼
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.
via "National Vulnerability Database".
‼ CVE-2023-1406 ‼
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-1122 ‼
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".