βΌ CVE-2023-29838 βΌ
π Read
via "National Vulnerability Database".
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28649 βΌ
π Read
via "National Vulnerability Database".
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31193 βΌ
π Read
via "National Vulnerability Database".
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31245 βΌ
π Read
via "National Vulnerability Database".
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the deviceΓ’β¬β’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25183 βΌ
π Read
via "National Vulnerability Database".
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31689 βΌ
π Read
via "National Vulnerability Database".
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31241 βΌ
π Read
via "National Vulnerability Database".
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2505 βΌ
π Read
via "National Vulnerability Database".
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47320 βΌ
π Read
via "National Vulnerability Database".
The iBoot deviceΓ’β¬β’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2504 βΌ
π Read
via "National Vulnerability Database".
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4945 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47311 βΌ
π Read
via "National Vulnerability Database".
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46738 βΌ
π Read
via "National Vulnerability Database".
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46658 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.π Read
via "National Vulnerability Database".
βοΈ Interview With a Crypto Scam Investment Spammer βοΈ
π Read
via "Krebs on Security".
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.π Read
via "Krebs on Security".
Krebs on Security
Interview With a Crypto Scam Investment Spammer
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaignsβ¦
βΌ CVE-2023-27518 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31994 βΌ
π Read
via "National Vulnerability Database".
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27384 βΌ
π Read
via "National Vulnerability Database".
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31741 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29919 βΌ
π Read
via "National Vulnerability Database".
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28409 βΌ
π Read
via "National Vulnerability Database".
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.π Read
via "National Vulnerability Database".