βΌ CVE-2023-31698 βΌ
π Read
via "National Vulnerability Database".
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31902 βΌ
π Read
via "National Vulnerability Database".
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-31703 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30438 βΌ
π Read
via "National Vulnerability Database".
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31904 βΌ
π Read
via "National Vulnerability Database".
savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2679 βΌ
π Read
via "National Vulnerability Database".
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31903 βΌ
π Read
via "National Vulnerability Database".
GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.π Read
via "National Vulnerability Database".
π΄ Sunday Paper Debacle: Philadelphia Inquirer Scrambles to Respond to Cyberattack π΄
π Read
via "Dark Reading".
It's still unclear when systems for Pennsylvania's largest media outlet will be fully restored, as employees were told to stay at home through Tuesday, May 16.π Read
via "Dark Reading".
Dark Reading
Sunday Paper Debacle: Philadelphia Inquirer Scrambles to Respond to Cyberattack
It's still unclear when systems for Pennsylvania's largest media outlet will be fully restored, as employees were told to stay at home through Tuesday.
π AIDE 0.18.3 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ How to Protect Your Organization From Vulnerabilities π΄
π Read
via "Dark Reading".
Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.π Read
via "Dark Reading".
Dark Reading
How to Protect Your Organization From Vulnerabilities
Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.
β Belkin Wemo Smart Plug V2 β the buffer overflow that wonβt be patched β
π Read
via "Naked Security".
Yes, it's a buffer overflow bug. No, it's not going get fixed.π Read
via "Naked Security".
Naked Security
Belkin Wemo Smart Plug V2 β the buffer overflow that wonβt be patched
Yes, itβs a buffer overflow bug. No, itβs not going get fixed.
βΌ CVE-2023-31723 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31700 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31724 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31725 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31722 βΌ
π Read
via "National Vulnerability Database".
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).π Read
via "National Vulnerability Database".
βΌ CVE-2023-31701 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.π Read
via "National Vulnerability Database".
β US offers $10m bounty for Russian ransomware suspect outed in indictment β
π Read
via "Naked Security".
"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."π Read
via "Naked Security".
Naked Security
US offers $10m bounty for Russian ransomware suspect outed in indictment
βUp to $10 million for information that leads to the arrest and/or conviction of this defendant.β
π1
π΄ Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table π΄
π Read
via "Dark Reading".
Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions. π Read
via "Dark Reading".
Dark Reading
Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table
Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions.
π΄ Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure π΄
π Read
via "Dark Reading".
It's as they say: A Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited.π Read
via "Dark Reading".
Dark Reading
Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure
It's as they say: Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited.
βΌ CVE-2023-2765 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".