π AIDE 0.18.3 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ How to Protect Your Organization From Vulnerabilities π΄
π Read
via "Dark Reading".
Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.π Read
via "Dark Reading".
Dark Reading
How to Protect Your Organization From Vulnerabilities
Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.
β Belkin Wemo Smart Plug V2 β the buffer overflow that wonβt be patched β
π Read
via "Naked Security".
Yes, it's a buffer overflow bug. No, it's not going get fixed.π Read
via "Naked Security".
Naked Security
Belkin Wemo Smart Plug V2 β the buffer overflow that wonβt be patched
Yes, itβs a buffer overflow bug. No, itβs not going get fixed.
βΌ CVE-2023-31723 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31700 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31724 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31725 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31722 βΌ
π Read
via "National Vulnerability Database".
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).π Read
via "National Vulnerability Database".
βΌ CVE-2023-31701 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.π Read
via "National Vulnerability Database".
β US offers $10m bounty for Russian ransomware suspect outed in indictment β
π Read
via "Naked Security".
"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."π Read
via "Naked Security".
Naked Security
US offers $10m bounty for Russian ransomware suspect outed in indictment
βUp to $10 million for information that leads to the arrest and/or conviction of this defendant.β
π1
π΄ Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table π΄
π Read
via "Dark Reading".
Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions. π Read
via "Dark Reading".
Dark Reading
Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table
Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions.
π΄ Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure π΄
π Read
via "Dark Reading".
It's as they say: A Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited.π Read
via "Dark Reading".
Dark Reading
Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure
It's as they say: Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited.
βΌ CVE-2023-2765 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2766 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π΄ Apple Boots a Half-Million Developers From Official App Store π΄
π Read
via "Dark Reading".
The mobile phone and MacBook giant also rejected nearly 1.7 million app submissions last year in an effort to root out malware and fraud.π Read
via "Dark Reading".
Dark Reading
Apple Boots a Half-Million Developers From Official App Store
The mobile phone and MacBook giant also rejected nearly 1.7 million app submissions last year in an effort to root out malware and fraud.
βΌ CVE-2023-22348 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2768 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2772 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2770 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Online Exam System 1.0. This vulnerability affects unknown code of the file /kelasdosen/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229276.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31135 βΌ
π Read
via "National Vulnerability Database".
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2769 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229275.π Read
via "National Vulnerability Database".