‼ CVE-2023-29514 ‼
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2023-29518 ‼
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.
‼ CVE-2023-30555 ‼
via "National Vulnerability Database".
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input coming from the `db_name` parameter value in the `explain` endpoint is passed for execution to the `query` method of each database engine: `query` in `sql/engines/mssql.py` and `query` in `sql/engines/oracle.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-108`.
📢 Modernising identity for a secure, agile hybrid workforce 📢
via "ITPro".
Pave the way towards a modern, secure, efficient, and sustainable hybrid workplace
📢 Businesses at work 📢
via "ITPro".
Discussing the most popular apps and top performing apps of 2022, and the rise of Zero Trust security
📢 Nintendo hacker forced to pay company 25-30% of earnings for life 📢
via "ITPro".
Gary Bowser pled guilty to hacking charges in 2021
📢 Transcript: How can we stop insider theft? 📢
via "ITPro".
Read the full transcript for this episode of the IT Pro Podcast
🕴 Akamai Technologies to Acquire API Security Company Neosec 🕴
via "Dark Reading".
Combined solutions expected to deliver complete API visibility and security coverage across all of the OWASP API top 10 attacks.
🕴 How to Prevent 2 Common Attacks on MFA 🕴
via "Dark Reading".
MFA isn't immune from the tug of war between attackers and defenders.
‼ CVE-2023-27777 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.
‼ CVE-2023-30463 ‼
via "National Vulnerability Database".
Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.
‼ CVE-2022-38125 ‼
via "National Vulnerability Database".
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
‼ CVE-2023-26599 ‼
via "National Vulnerability Database".
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
‼ CVE-2023-29921 ‼
via "National Vulnerability Database".
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
‼ CVE-2023-0317 ‼
via "National Vulnerability Database".
Unprotected Alternate Channel vulnerability in the debug console of GateManager allows a system administrator to obtain sensitive information.
‼ CVE-2023-27776 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.
‼ CVE-2023-25759 ‼
via "National Vulnerability Database".
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
‼ CVE-2023-22645 ‼
via "National Vulnerability Database".
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects SUSE kubewarden kubewarden-controller versions prior to 1.6.0.
‼ CVE-2022-4308 ‼
via "National Vulnerability Database".
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
‼ CVE-2023-25760 ‼
via "National Vulnerability Database".
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.