CVE-2023-2909
via "National Vulnerability Database".
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.
Salesforce 'Ghost Sites' Expose Sensitive Corporate Data
via "Dark Reading".
Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them.
Focus Security Efforts on Choke Points, Not Visibility
via "Dark Reading".
By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation.
CVE-2023-33508
via "National Vulnerability Database".
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).
CVE-2023-33509
via "National Vulnerability Database".
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.
CVE-2023-3009
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-33736
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
CVE-2023-3007
via "National Vulnerability Database".
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.
CVE-2023-33487
via "National Vulnerability Database".
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter.
CVE-2023-3008
via "National Vulnerability Database".
A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.
CVE-2023-33507
via "National Vulnerability Database".
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated arbitrary file read.
CVE-2023-30285
via "National Vulnerability Database".
An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser.
Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS
via "Dark Reading".
Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux.
CVE-2023-34224
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05, an open redirect during OAuth configuration was possible.
CVE-2023-3014
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability.
New eID Scheme Gives EU Citizens Easy Access to Public Services Online
via "Dark Reading".
The European Commission voted a new electronic identification scheme that creates new opportunities for EU citizens and businesses.
Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster
via "Dark Reading".
Powered by GPT-4, innovative new AI-driven capabilities lower application security (AppSec) risk and help security teams "shift everywhere" with speed and accuracy.
Serious Security: That KeePass "master password crack", and what we can learn from it
via "Naked Security".
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
CVE-2023-29747
via "National Vulnerability Database".
Story Saver for Instagram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can use this method to modify the data in any SharedPreference file; this data is loaded into memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.
CVE-2023-3021
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.
Ways to Help Cybersecurity's Essential Workers Avoid Burnout
via "Dark Reading".
To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.