βΌ CVE-2023-2505 βΌ
π Read
via "National Vulnerability Database".
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47320 βΌ
π Read
via "National Vulnerability Database".
The iBoot deviceΓ’β¬β’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2504 βΌ
π Read
via "National Vulnerability Database".
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4945 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47311 βΌ
π Read
via "National Vulnerability Database".
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46738 βΌ
π Read
via "National Vulnerability Database".
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46658 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.π Read
via "National Vulnerability Database".
βοΈ Interview With a Crypto Scam Investment Spammer βοΈ
π Read
via "Krebs on Security".
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.π Read
via "Krebs on Security".
Krebs on Security
Interview With a Crypto Scam Investment Spammer
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaignsβ¦
βΌ CVE-2023-27518 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31994 βΌ
π Read
via "National Vulnerability Database".
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27384 βΌ
π Read
via "National Vulnerability Database".
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31741 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29919 βΌ
π Read
via "National Vulnerability Database".
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28409 βΌ
π Read
via "National Vulnerability Database".
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20012 βΌ
π Read
via "National Vulnerability Database".
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27926 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25953 βΌ
π Read
via "National Vulnerability Database".
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2844 βΌ
π Read
via "National Vulnerability Database".
Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25946 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31826 βΌ
π Read
via "National Vulnerability Database".
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31670 βΌ
π Read
via "National Vulnerability Database".
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.π Read
via "National Vulnerability Database".