🕴 Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers 🕴
📖 Read
via "Dark Reading".
Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.📖 Read
via "Dark Reading".
Dark Reading
Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers
Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.
🕴 'Good' AI Is the Only Path to True Zero-Trust Architecture 🕴
📖 Read
via "Dark Reading".
Ultimately AI will protect the enterprise, but it's up to the cybersecurity community to protect 'good' AI in order to get there, RSA's Rohit Ghai says.📖 Read
via "Dark Reading".
Dark Reading
'Good' AI Is the Only Path to True Zero-Trust Architecture
Ultimately, AI will protect the enterprise, but it's up to the cybersecurity community to protect "good" AI in order to get there, RSA's Rohit Ghai says.
‼ CVE-2023-30177 ‼
📖 Read
via "National Vulnerability Database".
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40723 ‼
📖 Read
via "National Vulnerability Database".
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28089 ‼
📖 Read
via "National Vulnerability Database".
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28086 ‼
📖 Read
via "National Vulnerability Database".
An HPE OneView appliance dump may expose proxy credential settings📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28087 ‼
📖 Read
via "National Vulnerability Database".
An HPE OneView appliance dump may expose OneView user accounts📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45111 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40725 ‼
📖 Read
via "National Vulnerability Database".
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30545 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28090 ‼
📖 Read
via "National Vulnerability Database".
An HPE OneView appliance dump may expose SNMPv3 read credentials📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30839 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23721 ‼
📖 Read
via "National Vulnerability Database".
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45291 ‼
📖 Read
via "National Vulnerability Database".
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26263 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28088 ‼
📖 Read
via "National Vulnerability Database".
An HPE OneView appliance dump may expose SAN switch administrative credentials📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44465 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23837 ‼
📖 Read
via "National Vulnerability Database".
No exception handling vulnerability which revealed sensitive or excessive information to users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30838 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23166 ‼
📖 Read
via "National Vulnerability Database".
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45071 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.📖 Read
via "National Vulnerability Database".