βΌ CVE-2023-33949 βΌ
π Read
via "National Vulnerability Database".
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47448 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <=Γ 1.12.03 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25749 βΌ
π Read
via "National Vulnerability Database".
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45364 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload Γ’β¬β Contact Form 7 plugin <=Γ 1.3.6.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33950 βΌ
π Read
via "National Vulnerability Database".
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.π Read
via "National Vulnerability Database".
π΄ Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool π΄
π Read
via "Dark Reading".
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.π Read
via "Dark Reading".
Dark Reading
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
βΌ CVE-2023-2872 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-2868 βΌ
π Read
via "National Vulnerability Database".
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives).Γ The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.Γ This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2874 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33983 βΌ
π Read
via "National Vulnerability Database".
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2873 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2871 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33981 βΌ
π Read
via "National Vulnerability Database".
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33982 βΌ
π Read
via "National Vulnerability Database".
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33980 βΌ
π Read
via "National Vulnerability Database".
Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2875 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2870 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π4
βΌ CVE-2023-25029 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <=Γ 2.0.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32964 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <=Γ 1.9.2 versions.π Read
via "National Vulnerability Database".
β€1π1
βοΈ Phishing Domains Tanked After Meta Sued Freenom βοΈ
π Read
via "Krebs on Security".
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.π Read
via "Krebs on Security".
Krebs on Security
Phishing Domains Tanked After Meta Sued Freenom
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaintsβ¦
π1
β S3 Ep136: Navigating a manic malware maelstrom β
π Read
via "Naked Security".
Latest episode - listen now. Full transcript inside...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News