βΌ CVE-2023-23862 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <=Γ 14.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23793 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <=Γ 3.1 versions.π Read
via "National Vulnerability Database".
π΄ Half of npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key π΄
π Read
via "Dark Reading".
For years, hackers could have tricked enterprises into downloading malware by simply de-capitalizing letters.π Read
via "Dark Reading".
Dark Reading
Npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key
For years, hackers could have tricked enterprises into downloading malware by simply de-capitalizing letters in uppercase-named npm packages.
π΄ Royal Ransomware Expands to Target Linux, VMware ESXi π΄
π Read
via "Dark Reading".
The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.π Read
via "Dark Reading".
Dark Reading
Royal Ransomware Expands to Target Linux, VMware ESXi
The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.
βοΈ Feds Take Down 13 More DDoS-for-Hire Services βοΈ
π Read
via "Krebs on Security".
The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to βbooterβ services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.π Read
via "Krebs on Security".
Krebs on Security
Feds Take Down 13 More DDoS-for-Hire Services
The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to βbooterβ services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hireβ¦
π΄ Keep Your Company Cyber Competent Without Adding Cyber Anxiety π΄
π Read
via "Dark Reading".
With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity.π Read
via "Dark Reading".
Dark Reading
Keep Your Company Cyber Competent Without Adding Cyber Anxiety
With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity.
βΌ CVE-2023-31974 βΌ
π Read
via "National Vulnerability Database".
yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29104 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30985 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)π Read
via "National Vulnerability Database".
βΌ CVE-2022-46858 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <=Γ 0.6.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27407 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29103 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30986 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)π Read
via "National Vulnerability Database".
βΌ CVE-2023-31975 βΌ
π Read
via "National Vulnerability Database".
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23647 βΌ
π Read
via "National Vulnerability Database".
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member Γ’β¬β Team with Slider plugin <=Γ 4.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29105 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-31126 βΌ
π Read
via "National Vulnerability Database".
`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46864 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <=Γ 0.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27408 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29106 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28832 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.π Read
via "National Vulnerability Database".