CVE-2023-25440
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code in the first/second name field.
CVE-2023-27923
via "National Vulnerability Database".
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-27514
via "National Vulnerability Database".
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.
CVE-2023-26595
via "National Vulnerability Database".
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
PyPI attack: Targeting of repository 'shows no sign of stopping'
via "ITPro".
Greater collaboration and understanding of attackers' tactics is key to mitigating open source security threats
Phone scamming kingpin gets 13 years for running "iSpoof" service
via "Naked Security".
Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.
Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans
via "Dark Reading".
Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.
CVE-2023-2483
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-33338
via "National Vulnerability Database".
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
CVE-2023-31669
via "National Vulnerability Database".
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVE-2023-23724
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.
CVE-2023-23706
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
CVE-2023-25707
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.
CVE-2023-25472
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.
CVE-2023-25481
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
Stegano 0.11.2
via "Packet Storm Security".
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
via "Dark Reading".
A February 2022 attack knocked the giant tire maker's North American operations offline for several days.
Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses
via "Dark Reading".
Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.
CVE-2023-30440
via "National Vulnerability Database".
IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.
CVE-2023-33359
via "National Vulnerability Database".
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
CVE-2023-25056
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions.