βΌ CVE-2023-31435 βΌ
π Read
via "National Vulnerability Database".
Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30759 βΌ
π Read
via "National Vulnerability Database".
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47875 βΌ
π Read
via "National Vulnerability Database".
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30944 βΌ
π Read
via "National Vulnerability Database".
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47876 βΌ
π Read
via "National Vulnerability Database".
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.π Read
via "National Vulnerability Database".
βοΈ Promising Jobs at the U.S. Postal Service, βUS Job Servicesβ Leaks Customer Data βοΈ
π Read
via "Krebs on Security".
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network's chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.π Read
via "Krebs on Security".
Krebs on Security
Promising Jobs at the U.S. Postal Service, βUS Job Servicesβ Leaks Customer Data
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers.β¦
βΌ CVE-2023-2466 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2463 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2459 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-29839 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2467 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2464 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2460 βΌ
π Read
via "National Vulnerability Database".
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2462 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2468 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2461 βΌ
π Read
via "National Vulnerability Database".
Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
βΌ CVE-2023-2465 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)π Read
via "National Vulnerability Database".
π’ Bolstering cyber security with the right channel partnerships π’
π Read
via "ITPro".
Organizations must draw on the expertise of their channel partners to support in-house security operations π Read
via "ITPro".
channelpro
Bolstering cyber security with the right channel partnerships
Organizations must draw on the expertise of their channel partners to support in-house security operations
π’ WatchGuard Firebox T85-PoE review: Big security in small spaces π’
π Read
via "ITPro".
A table-top appliance offering tough security measures for SMBs and remote offices at a great price π Read
via "ITPro".
ITPro
WatchGuard Firebox T85-PoE review: Big security in small spaces
A table-top appliance offering tough security measures for SMBs and remote offices at a great price
βΌ CVE-2023-23790 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods Γ’β¬β Custom Content Types and Fields plugin <=Γ 2.9.10.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25786 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <=Γ 1.8.2 versions.π Read
via "National Vulnerability Database".