🕴 Houthi-Backed Spyware Effort Targets Yemen Aid Workers 🕴
📖 Read
via "Dark Reading".
Pro-Houthi OilAlpha uses spoofed Android apps to monitor victims across the Arab peninsula working to bring stability to Yemen.📖 Read
via "Dark Reading".
Dark Reading
Houthi-Backed Spyware Effort Targets Yemen Aid Workers
Pro-Houthi OilAlpha uses spoofed Android apps to monitor victims across the Arab peninsula working to bring stability to Yemen.
🕴 5 Ways Security Testing Can Aid Incident Response 🕴
📖 Read
via "Dark Reading".
Organizations can focus on these key considerations to develop their cybersecurity testing program sustainably.📖 Read
via "Dark Reading".
Dark Reading
5 Ways Security Testing Can Aid Incident Response
Organizations can focus on these key considerations to develop their cybersecurity testing programs sustainably.
🕴 BianLian Cybercrime Group Changes Attack Methods, CISA Advisory Notes 🕴
📖 Read
via "Dark Reading".
CISA urges small and midsized organizations as well as critical infrastructures to implement mitigations to shield from further attacks.📖 Read
via "Dark Reading".
Dark Reading
BianLian Cybercrime Group Changes Up Extortion Methods, Warns CISA
CISA urges small and midsized organizations as well as critical infrastructure to implement mitigations immediately to shield themselves from further data exfiltration attacks.
🕴 Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise 🕴
📖 Read
via "Dark Reading".
Lemon Group's Guerrilla malware model an example of how threat actors are monetizing compromised Android devices, researchers say.📖 Read
via "Dark Reading".
Dark Reading
Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise
Lemon Group's Guerrilla malware model an example of how threat actors are monetizing compromised Android devices, researchers say.
‼ CVE-2023-2776 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2774 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2775 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32767 ‼
📖 Read
via "National Vulnerability Database".
The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30191 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27233 ‼
📖 Read
via "National Vulnerability Database".
Piwigo v13.5.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2780 ‼
📖 Read
via "National Vulnerability Database".
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29837 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20077 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20106 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20174 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27217 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20161 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29985 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20158 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2757 ‼
📖 Read
via "National Vulnerability Database".
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions to save plugin data that can potentially lead to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20156 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".