CVE-2023-2336
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
via "National Vulnerability Database".
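The entry above gives no detail of where Pimcore's traversal sat, so what follows is a generic illustration, added here and not Pimcore's code: a hypothetical file-serving helper that canonicalises a user-supplied path with `Path.resolve()` and only accepts it if the real location stays under the base directory. It is run beside the naive "reject `..`" filter to show which constructed inputs (a `../` hop, a symlink that points above the base, an absolute path) each check stops. Directory layout, file names and the function names are all assumptions for the demo.

```python
import os
import tempfile
from pathlib import Path


def resolve_within(base_dir, user_path):
    """Canonicalise base_dir/user_path and return it only if it stays under base_dir.

    Path.resolve() follows symlinks and collapses '..', so the comparison is made
    on the real filesystem location, not on the string the client sent.
    """
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()   # an absolute user_path replaces base here
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def naive_check(user_path):
    """The common but insufficient filter: reject only a literal '..' in the input."""
    return ".." not in user_path


def demo():
    """Build a throwaway directory tree (constructed data) and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "uploads"
        base.mkdir()
        (base / "report.pdf").write_text("public")
        (root / "secret.txt").write_text("top secret")
        # A symlink inside the base directory that points above it.
        os.symlink(root, base / "escape")

        cases = {
            "relative": "report.pdf",                 # legitimate file under base
            "dotdot": "../secret.txt",                # classic traversal
            "symlink": "escape/secret.txt",           # no '..' in the string at all
            "absolute": str(root / "secret.txt"),     # absolute path, also no '..'
        }
        results = {}
        for label, user_path in cases.items():
            try:
                target = resolve_within(base, user_path)
                results[label] = ("allowed", target.read_text(), naive_check(user_path))
            except PermissionError:
                results[label] = ("denied", None, naive_check(user_path))
        return results


if __name__ == "__main__":
    for label, (verdict, content, naive_ok) in demo().items():
        print(f"{label:>9}: canonical check={verdict:<7} naive '..' filter allows={naive_ok}")
```

The third element of each result is what the naive filter would have decided: it passes both the symlink and the absolute-path inputs, which is why a prefix comparison on the resolved path is the check worth deploying.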
CVE-2023-29255
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
via "National Vulnerability Database".
CVE-2023-2339
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
via "National Vulnerability Database".
Google leaking 2FA secrets - researchers advise against new "account sync" feature for now
You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...
via "Naked Security".
CVE-2023-2344
A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.
via "National Vulnerability Database".
CVE-2023-30847
H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.
via "National Vulnerability Database".
CVE-2023-2341
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
via "National Vulnerability Database".
CVE-2023-24966
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.
via "National Vulnerability Database".
CVE-2023-2347
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-30338
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.
via "National Vulnerability Database".
CVE-2023-2346
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-2343
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
via "National Vulnerability Database".
CVE-2023-30349
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
via "National Vulnerability Database".
CVE-2023-2348
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591.
via "National Vulnerability Database".
CVE-2023-2342
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
via "National Vulnerability Database".
CVE-2023-2345
A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.
via "National Vulnerability Database".
S3 Ep132: Proof-of-concept lets anyone hack at will
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
via "Naked Security".
Continuous Scanning Is Imperative for Effective Web Application Security
New research from Invicti shows that an increase in security scanning cadence contributes to improved security posture over time.
via "Dark Reading".
The White House National Cybersecurity Strategy Has a Fatal Flaw
The government needs to shift focus and reconsider how it thinks about securing our nation's digital and physical assets.
via "Dark Reading".
SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023
SEO-aided attacks, developer targeting, and malicious use of AI top the list for 2023.
via "Dark Reading".
CVE-2023-30848
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
via "National Vulnerability Database".
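The four SourceCodester entries on this page (VDB-227587, VDB-227589, VDB-227590, VDB-227591) and this Pimcore admin-search entry all describe the same defect class: a request parameter (`id`, `name`) spliced into SQL text. As an added example, not code from either project and not a reproduction of their actual bugs, the Python script below builds a hypothetical SQLite table and runs the concatenating pattern beside its parameterised replacement against the classic payloads a scanner would try. Table name, columns and the handler names are assumptions for the demo.

```python
import re
import sqlite3

# Constructed stand-in for the kind of table an admin page such as
# manage_service.php?id=... would read. Schema and rows are hypothetical.
SCHEMA = """
CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT);
INSERT INTO services VALUES (1, 'Plumbing',   'key-plumbing');
INSERT INTO services VALUES (2, 'Electrical', 'key-electrical');
INSERT INTO services VALUES (3, 'Cleaning',   'key-cleaning');
"""

ID_PATTERN = re.compile(r"[1-9][0-9]*")   # strict ASCII positive integer


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# --- the pattern the advisories describe: request input becomes part of the SQL text ---

def find_by_id_vulnerable(conn, raw_id):
    sql = f"SELECT id, name FROM services WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def find_by_name_vulnerable(conn, raw_name):
    sql = f"SELECT id, name FROM services WHERE name = '{raw_name}'"
    return conn.execute(sql).fetchall()


# --- hardened form: validate the shape, then bind the value as a parameter ---

def find_by_id_hardened(conn, raw_id):
    # Reject anything that is not a positive integer before any SQL is built.
    if not isinstance(raw_id, str) or not ID_PATTERN.fullmatch(raw_id):
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, name FROM services WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


def find_by_name_hardened(conn, raw_name):
    # Free text is fine as data: the driver passes it separately from the statement,
    # so a quote inside it can never terminate the string literal.
    sql = "SELECT id, name FROM services WHERE name = ?"
    return conn.execute(sql, (raw_name,)).fetchall()


def demo():
    """Run both versions against a benign value and three classic payloads."""
    conn = make_db()
    results = {
        "benign_id": find_by_id_vulnerable(conn, "2"),
        # tautology: the WHERE clause becomes  id = 2 OR 1=1  and matches every row
        "tautology": find_by_id_vulnerable(conn, "2 OR 1=1"),
        # UNION: appends a column the page was never meant to show
        "union": find_by_id_vulnerable(conn, "0 UNION SELECT id, api_key FROM services"),
        # string context: the leading quote closes the literal, a tautology follows
        "name_tautology": find_by_name_vulnerable(conn, "' OR '1'='1"),
        "hardened_benign": find_by_id_hardened(conn, "2"),
        # the same quote payload is now just a name nobody has
        "hardened_name": find_by_name_hardened(conn, "' OR '1'='1"),
    }
    try:
        find_by_id_hardened(conn, "2 OR 1=1")
        results["hardened_tautology"] = "accepted"
    except ValueError:
        results["hardened_tautology"] = "rejected"
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>19}: {value}")
```

The `api_key` column in the UNION result is the point of the exercise: the injected statement is not limited to the rows the page meant to filter, it can read any column the database user can see. Input validation alone is not the fix; the parameter binding is what removes the class of bug, and the integer check only narrows the error surface in front of it.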