🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-2056 ‼

A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-2058 ‼

A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943.

via "National Vulnerability Database".
‼ CVE-2023-22949 ‼

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.

via "National Vulnerability Database".
‼ CVE-2023-2057 ‼

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-29802 ‼

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

via "National Vulnerability Database".
‼ CVE-2023-29798 ‼

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

via "National Vulnerability Database".
‼ CVE-2023-30459 ‼

SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).

via "National Vulnerability Database".
‼ CVE-2023-29801 ‼

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.

via "National Vulnerability Database".
‼ CVE-2022-3748 ‼

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0.

via "National Vulnerability Database".
‼ CVE-2023-2059 ‼

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.

via "National Vulnerability Database".
‼ CVE-2023-28091 ‼

The HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump.

via "National Vulnerability Database".
‼ CVE-2022-45175 ‼

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE}/c/{N}/{C}/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.

via "National Vulnerability Database".
‼ CVE-2023-29847 ‼

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

via "National Vulnerability Database".
⚠ S3 Ep130: Open the garage bay doors, HAL [Audio + Text] ⚠

I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

via "Naked Security".
🕴 Western Digital Hackers Demand 8-Figure Ransom Payment for Data 🕴

Western Digital has yet to comment on claims that the breach reported earlier this month led to data being stolen.

via "Dark Reading".
‼ CVE-2022-47501 ‼

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

via "National Vulnerability Database".
🕴 Security Is a Revenue Booster, Not a Cost Center 🕴

Focusing on what customers and partners need from a company can help CISOs show the real financial benefits of improving cybersecurity.

via "Dark Reading".
🕴 Software-Dependency Data Delivers Security to Developers 🕴

Google has opened up its software-dependency database, adding to the security data available to developers and tool makers. Now developers need to use it.

via "Dark Reading".
🕴 Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement 🕴

Detailing how extended IoT (xIoT) devices can be used at scale by attackers to establish persistence across networks and what enterprises should start doing about the risk.

via "Dark Reading".
‼ CVE-2023-29067 ‼

A maliciously crafted X_B file, when parsed through Autodesk® AutoCAD® 2023, could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

via "National Vulnerability Database".
‼ CVE-2023-27915 ‼

A maliciously crafted X_B file, when parsed through Autodesk® AutoCAD® 2023, could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

via "National Vulnerability Database".