‼ CVE-2022-46658 ‼
via "National Vulnerability Database".
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
♟️ Interview With a Crypto Scam Investment Spammer ♟️
via "Krebs on Security".
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.
‼ CVE-2023-27518 ‼
via "National Vulnerability Database".
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
‼ CVE-2023-31994 ‼
via "National Vulnerability Database".
Certain Hanwha products are vulnerable to Denial of Service (DoS). The attack vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.
‼ CVE-2023-27384 ‼
via "National Vulnerability Database".
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
‼ CVE-2023-31741 ‼
via "National Vulnerability Database".
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges.
‼ CVE-2023-29919 ‼
via "National Vulnerability Database".
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.
‼ CVE-2023-28409 ‼
via "National Vulnerability Database".
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.
‼ CVE-2020-20012 ‼
via "National Vulnerability Database".
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
‼ CVE-2023-27926 ‼
via "National Vulnerability Database".
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.
‼ CVE-2023-25953 ‼
via "National Vulnerability Database".
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
‼ CVE-2023-2844 ‼
via "National Vulnerability Database".
Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.
‼ CVE-2023-25946 ‼
via "National Vulnerability Database".
Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.
‼ CVE-2023-31826 ‼
via "National Vulnerability Database".
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
‼ CVE-2023-31670 ‼
via "National Vulnerability Database".
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
‼ CVE-2023-27507 ‼
via "National Vulnerability Database".
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
‼ CVE-2023-28408 ‼
via "National Vulnerability Database".
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.
‼ CVE-2023-27387 ‼
via "National Vulnerability Database".
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
‼ CVE-2023-22654 ‼
via "National Vulnerability Database".
Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
‼ CVE-2023-28413 ‼
via "National Vulnerability Database".
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.
‼ CVE-2023-31740 ‼
via "National Vulnerability Database".
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.