‼ CVE-2023-32073 ‼
via "National Vulnerability Database".
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.
‼ CVE-2023-31919 ‼
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.
Whodunnit? Cybercrook gets 6 years for ransoming his own employer
via "Naked Security".
Not just an active adversary, but a two-faced one, too.
‼ CVE-2023-31983 ‼
via "National Vulnerability Database".
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
‼ CVE-2023-25428 ‼
via "National Vulnerability Database".
A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.
‼ CVE-2023-25958 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.
‼ CVE-2023-23810 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.
‼ CVE-2023-22685 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions.
‼ CVE-2023-28414 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions.
‼ CVE-2023-25460 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions.
‼ CVE-2022-48020 ‼
via "National Vulnerability Database".
Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser.
🔴 Malicious Chatbots Target Casinos in Southeast Asia 🔴
via "Dark Reading".
Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies.
🔴 New Competition Focuses on Hardening Cryptosystems 🔴
via "Dark Reading".
The Technology Innovation Institute's year-long cryptographic challenge invites participants to assess the concrete hardness of the McEliece public-key encryption scheme.
🔴 Making Sure Lost Data Stays Lost 🔴
via "Dark Reading".
Retired hardware and forgotten cloud virtual machines are a trove of insecure confidential data. Here's how to ameliorate that weakness.
🔴 An Analyst View of XM Cyber's Acquisition of Confluera 🔴
via "Dark Reading".
The deal will enhance the capabilities of both companies and provide customers with a more comprehensive way to protect their digital assets.
‼ CVE-2023-2457 ‼
via "National Vulnerability Database".
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via a crafted audio file. (Chromium security severity: High)
‼ CVE-2023-32306 ‼
via "National Vulnerability Database".
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for the Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792.
‼ CVE-2023-32305 ‼
via "National Vulnerability Database".
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions, and could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
‼ CVE-2023-30247 ‼
via "National Vulnerability Database".
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.
‼ CVE-2023-25927 ‼
via "National Vulnerability Database".
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.
‼ CVE-2023-27863 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.