‼ CVE-2023-29584 ‼
📖 Read
via "National Vulnerability Database".
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27648 ‼
📖 Read
via "National Vulnerability Database".
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1617 ‼
📖 Read
via "National Vulnerability Database".
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47027 ‼
📖 Read
via "National Vulnerability Database".
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2055 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27653 ‼
📖 Read
via "National Vulnerability Database".
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2050 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2051 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2054 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939.📖 Read
via "National Vulnerability Database".
🔥1
🕴 SASE Market Worth $5.9B by 2028 — Report by MarketsandMarkets™ 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
SASE Market Worth $5.9B by 2028 — Report by MarketsandMarkets™
CHICAGO, April 14, 2023 /PRNewswire/ -- The global SASE Market size is projected to grow from USD 1.9 billion in 2023 to USD 5.9 billion by 2028, at a Compound Annual Growth Rate (CAGR) of 25.0% during the forecast period, according to a new report by Ma…
🛠Suricata IDPE 6.0.11 ðŸ›
📖 Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.11 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠I2P 2.2.1 ðŸ›
📖 Read
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.📖 Read
via "Packet Storm Security".
Packetstormsecurity
I2P 2.2.1 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2023-29803 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29799 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45174 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45178 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29850 ‼
📖 Read
via "National Vulnerability Database".
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29805 ‼
📖 Read
via "National Vulnerability Database".
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2056 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2058 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22949 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.📖 Read
via "National Vulnerability Database".