βΌ CVE-2023-28458 βΌ
π Read
via "National Vulnerability Database".
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2176 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20864 βΌ
π Read
via "National Vulnerability Database".
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.π Read
via "National Vulnerability Database".
π΄ 'GhostToken' Opens Google Accounts to Permanent Infection π΄
π Read
via "Dark Reading".
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.π Read
via "Dark Reading".
Dark Reading
'GhostToken' Opens Google Accounts to Permanent Infection
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.
π΄ Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains
SANTA CLARA, Calif., April 20, 2023 /PRNewswire/ -- Infoblox Inc. the company that delivers a simplified, cloud- enabled networking and security platform for improved performance and protection, today published a threat report blog on a remote access trojanβ¦
βΌ CVE-2023-27352 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27354 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27353 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27355 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773.π Read
via "National Vulnerability Database".
βοΈ 3CX Breach Was a Double Supply Chain Compromise βοΈ
π Read
via "Krebs on Security".
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.π Read
via "Krebs on Security".
Krebs on Security
3CX Breach Was a Double Supply Chain Compromise
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accountsβ¦
π’ Best practices for Microsoft 365 business continuity π’
π Read
via "ITPro".
Discover how to mitigate the effects of large-scale, high-cost data loss disastersπ Read
via "ITPro".
ITPro
Best practices for Microsoft 365 business continuity
Discover how to mitigate the effects of large-scale, high-cost data loss disasters
π’ Best practices for Salesforce business continuity π’
π Read
via "ITPro".
Empowering businesses to invest more time and resources on actionable activitiesπ Read
via "ITPro".
ITPro
Best practices for Salesforce business continuity
Empowering businesses to invest more time and resources on actionable activities
βΌ CVE-2023-2205 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1892 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2204 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2211 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2208 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2206 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2209 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2207 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file contactus1.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226972.π Read
via "National Vulnerability Database".