βΌ CVE-2023-28409 βΌ
π Read
via "National Vulnerability Database".
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20012 βΌ
π Read
via "National Vulnerability Database".
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27926 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25953 βΌ
π Read
via "National Vulnerability Database".
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2844 βΌ
π Read
via "National Vulnerability Database".
Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25946 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31826 βΌ
π Read
via "National Vulnerability Database".
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31670 βΌ
π Read
via "National Vulnerability Database".
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27507 βΌ
π Read
via "National Vulnerability Database".
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28408 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27387 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).π Read
via "National Vulnerability Database".
βΌ CVE-2023-22654 βΌ
π Read
via "National Vulnerability Database".
Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).π Read
via "National Vulnerability Database".
βΌ CVE-2023-28413 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31740 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28394 βΌ
π Read
via "National Vulnerability Database".
Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25440 βΌ
π Read
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27923 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27514 βΌ
π Read
via "National Vulnerability Database".
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26595 βΌ
π Read
via "National Vulnerability Database".
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.π Read
via "National Vulnerability Database".
π’ PyPI attack: Targeting of repository 'shows no sign of stopping' π’
π Read
via "ITPro".
Greater collaboration and understanding of attackersβ tactics is key to mitigating open source security threats π Read
via "ITPro".
ITPro
PyPI attack: Targeting of repository 'shows no sign of stopping'
Greater collaboration and understanding of attackersβ tactics is key to mitigating open source security threats
β Phone scamming kingpin gets 13 years for running βiSpoofβ service β
π Read
via "Naked Security".
Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.π Read
via "Naked Security".
Naked Security
Phone scamming kingpin gets 13 years for running βiSpoofβ service
Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.