βΌ CVE-2023-21118 βΌ
π Read
via "National Vulnerability Database".
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004π Read
via "National Vulnerability Database".
βΌ CVE-2023-21104 βΌ
π Read
via "National Vulnerability Database".
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771π Read
via "National Vulnerability Database".
βΌ CVE-2023-20707 βΌ
π Read
via "National Vulnerability Database".
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20704 βΌ
π Read
via "National Vulnerability Database".
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2708 βΌ
π Read
via "National Vulnerability Database".
The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Γ’β¬Λsearch_termΓ’β¬β’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2710 βΌ
π Read
via "National Vulnerability Database".
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-29961 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,π Read
via "National Vulnerability Database".
βΌ CVE-2023-23709 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <=Γ 6.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23703 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <=Γ 2.1.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23657 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <=Γ 2.1.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23720 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis VΓΒ©rifiΓΒ©s) plugin <=Γ 2.3.13 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23641 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <=Γ 1.4.3 versions.π Read
via "National Vulnerability Database".
π’ Is the new .zip top-level domain a cyber security risk? π’
π Read
via "ITPro".
While some experts have branded the new domain βunnecessaryβ, others dispute its usefulness for attacks π Read
via "ITPro".
Cloud Pro
Is the new .zip top-level domain a cyber security risk?
While some experts have branded the new domain βunnecessaryβ, others dispute its usefulness for attacks
βοΈ Re-Victimization from Police-Auctioned Cell Phones βοΈ
π Read
via "Krebs on Security".
Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.π Read
via "Krebs on Security".
Krebs on Security
Re-Victimization from Police-Auctioned Cell Phones
Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found.β¦
π΄ 4 Big Mistakes to Avoid in OT Incident Response π΄
π Read
via "Dark Reading".
What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.π Read
via "Dark Reading".
Dark Reading
4 Big Mistakes to Avoid in OT Incident Response
What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.
βΌ CVE-2023-2730 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.π Read
via "National Vulnerability Database".
π΄ Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack π΄
π Read
via "Dark Reading".
Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.π Read
via "Dark Reading".
Dark Reading
Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack
Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.
βΌ CVE-2023-31857 βΌ
π Read
via "National Vulnerability Database".
Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29439 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <=Γ 2.2.35 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2738 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31587 βΌ
π Read
via "National Vulnerability Database".
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.π Read
via "National Vulnerability Database".