CVE-2023-2603
via "National Vulnerability Database".
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
CVE-2023-29632
via "National Vulnerability Database".
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
CVE-2020-36723
via "National Vulnerability Database".
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
CVE-2020-36730
via "National Vulnerability Database".
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.
CVE-2019-25144
via "National Vulnerability Database".
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.
CVE-2023-0668
via "National Vulnerability Database".
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2020-36696
via "National Vulnerability Database".
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
CVE-2020-36700
via "National Vulnerability Database".
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.
CVE-2023-30576
via "National Vulnerability Database".
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
CVE-2023-2186
via "National Vulnerability Database".
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads. An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.
MOVEit cyber attack: Cl0p sparks speculation that it's lost control of hack
via "ITPro".
The hackers return with their second major data-extortion attack of 2023, but may have bitten off more than they can chew.
Security consolidation is about improving results, not just cost savings
via "ITPro".
Channel partners can play a key role in enabling businesses to consolidate security operations and bolster resilience.
CVE-2023-3140
via "National Vulnerability Database".
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server on which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends it to the other server.
Cisco Touts New AI-Based Security, SSE Features
via "Dark Reading".
Cisco laid out its AI plans and a vision for unified cloud security during Cisco Live 2023.
Chrome zero-day: "This exploit is in the wild", so check your version now
via "Naked Security".
Chrome 0-day patched now, Edge patch coming soon.
The Case for a Federal Cyber-Insurance Backstop
via "Dark Reading".
By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.
CVE-2021-4380
via "National Vulnerability Database".
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.
FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults
via "Dark Reading".
Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.
CVE-2023-3145
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability.
CVE-2023-33498
via "National Vulnerability Database".
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
Falco 0.35.0
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.