βΌ CVE-2023-31470 βΌ
π Read
via "National Vulnerability Database".
SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26813 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2390 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2389 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29057 βΌ
π Read
via "National Vulnerability Database".
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as Γ’β¬ΕLocal First, then LDAPΓ’β¬οΏ½.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29058 βΌ
π Read
via "National Vulnerability Database".
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30858 βΌ
π Read
via "National Vulnerability Database".
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2388 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31444 βΌ
π Read
via "National Vulnerability Database".
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30405 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23647 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26782 βΌ
π Read
via "National Vulnerability Database".
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2394 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2391 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π’ There's only one way to avoid credential stuffing attacks π’
π Read
via "ITPro".
PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility? π Read
via "ITPro".
IT Pro
There's only one way to avoid credential stuffing attacks
PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility?
βΌ CVE-2023-30441 βΌ
π Read
via "National Vulnerability Database".
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-2426 βΌ
π Read
via "National Vulnerability Database".
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.π Read
via "National Vulnerability Database".
β Mac malware-for-hire steals passwords and cryptocoins, sends βcrime logsβ via Telegram β
π Read
via "Naked Security".
These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short. π Read
via "Naked Security".
βΌ CVE-2023-2429 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.π Read
via "National Vulnerability Database".
π€1
βΌ CVE-2023-2428 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10105 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1