‼ CVE-2013-10027 ‼
via "National Vulnerability Database".
A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability.
‼ CVE-2013-10028 ‼
via "National Vulnerability Database".
A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.
‼ CVE-2023-0635 ‼
via "National Vulnerability Database".
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation. This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.
‼ CVE-2023-0041 ‼
via "National Vulnerability Database".
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.
‼ CVE-2023-3066 ‼
via "National Vulnerability Database".
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators. This issue affects Mobatime mobile application AMXGT100: through 1.3.20.
‼ CVE-2015-10112 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.
📢 Play ransomware gang says it's behind attack on major Spanish bank 📢
via "ITPro".
The Globalcaja incident marks the latest in a string of highly disruptive attacks waged by the Play ransomware group
📢 Microsoft says it knows who was behind cyber attacks on MOVEit Transfer 📢
via "ITPro".
Dozens of organizations may have already lost data to hackers exploiting the critical flaw
🔴 After 'Inception' Attack, New Due Diligence Requirements Are Needed 🔴
via "Dark Reading".
To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.
‼ CVE-2023-27989 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
🔴 Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway 🔴
via "Dark Reading".
With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
‼ CVE-2023-2572 ‼
via "National Vulnerability Database".
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-2472 ‼
via "National Vulnerability Database".
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
🔴 Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity 🔴
via "Dark Reading".
Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.
⚠ Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards ⚠
via "Naked Security".
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.
⚠ MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do… ⚠
via "Naked Security".
Little Bobby Tables is back!
🔴 Moonlighter Satellite Offers In-Orbit Target for Space Hackers 🔴
via "Dark Reading".
Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON.
‼ CVE-2015-10113 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability.
‼ CVE-2023-33693 ‼
via "National Vulnerability Database".
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.
‼ CVE-2023-29344 ‼
via "National Vulnerability Database".
Microsoft Office Remote Code Execution Vulnerability
🔴 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack 🔴
via "Dark Reading".
With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.