๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.4K subscribers
88.9K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.4K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-22729 โ€ผ

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.

๐Ÿ“– Read

via "National Vulnerability Database".
166 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-25276 โ€ผ

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

๐Ÿ“– Read

via "National Vulnerability Database".
171 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30265 โ€ผ

CLTPHP <=6.0 is vulnerable to Directory Traversal.

๐Ÿ“– Read

via "National Vulnerability Database".
181 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30112 โ€ผ

Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.

๐Ÿ“– Read

via "National Vulnerability Database".
187 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30266 โ€ผ

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.

๐Ÿ“– Read

via "National Vulnerability Database".
209 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1387 โ€ผ

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

๐Ÿ“– Read

via "National Vulnerability Database".
244 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-25274 โ€ผ

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

๐Ÿ“– Read

via "National Vulnerability Database".
263 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30269 โ€ผ

CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.

๐Ÿ“– Read

via "National Vulnerability Database".
278 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด CyberGRX Announces Winners of the Inaugural Cyber Risk Nation Awards ๐Ÿ•ด

Awarded individuals and companies are trailblazers in third-party risk management.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
CyberGRX Announces Winners of the Inaugural Cyber Risk Nation Awards
Awarded individuals and companies are trailblazers in third-party risk management.
277 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30210 โ€ผ

OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.

๐Ÿ“– Read

via "National Vulnerability Database".
254 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2307 โ€ผ

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

๐Ÿ“– Read

via "National Vulnerability Database".
246 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-27979 โ€ผ

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.

๐Ÿ“– Read

via "National Vulnerability Database".
227 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-27978 โ€ผ

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.

๐Ÿ“– Read

via "National Vulnerability Database".
216 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30211 โ€ผ

OURPHP <= 7.2.0 is vulnerable to SQL Injection.

๐Ÿ“– Read

via "National Vulnerability Database".
213 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30212 โ€ผ

OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.

๐Ÿ“– Read

via "National Vulnerability Database".
235 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  Google leaking 2FA secrets โ€“ researchers advise against new โ€œaccount syncโ€ feature for now โš 

You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
259 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด High-Severity SLP Flaw Can Amplify DDoS Attacks up to 2,200 Times ๐Ÿ•ด

More than 2,000 global organizations โ€” including Fortune 1,000 companies โ€” are at risk to reflective DDoS attacks that exploit a vulnerability discovered in the legacy Internet protocol.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
High-Severity SLP Flaw Can Amplify DDoS Attacks up to 2,200 Times
More than 2,000 global organizations โ€” including Fortune 1,000 companies โ€” are at risk to reflective DDoS attacks that exploit a vulnerability discovered in the legacy Internet protocol.
296 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling ๐Ÿ•ด

An old threat actor is making its comeback, sending around their old malware with a new tint.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling
An old threat actor is making its comeback, sending around its old malware with a new tint.
283 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-29268 โ€ผ

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

๐Ÿ“– Read

via "National Vulnerability Database".
232 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-26935 โ€ผ

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.

๐Ÿ“– Read

via "National Vulnerability Database".
206 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-26938 โ€ผ

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc.

๐Ÿ“– Read

via "National Vulnerability Database".
188 views