‼ CVE-2023-28485 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-48331 ‼
📖 Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29459 ‼
📖 Read
via "National Vulnerability Database".
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33580 ‼
📖 Read
via "National Vulnerability Database".
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48333 ‼
📖 Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48336 ‼
📖 Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48335 ‼
📖 Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48332 ‼
📖 Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40010 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48334 ‼
📖 Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20210 ‼
📖 Read
via "National Vulnerability Database".
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23065 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabiltiy in eZ Systems AS uZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.swf.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23064 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.📖 Read
via "National Vulnerability Database".
🕴 Cl0p in Your Network? Here's How to Find Out 🕴
📖 Read
via "Dark Reading".
Companies targeted by hacking groups with Cl0p ransomware typically have several chances to catch the attack prior to the payload being deployed, experts say.📖 Read
via "Dark Reading".
Dark Reading
Cl0p in Your Network? Here's How to Find Out
Companies targeted by hacking groups with Cl0p ransomware typically have several chances to catch the attack prior to the payload being deployed, experts say.
🕴 It's Open Season on Law Firms for Ransomware & Cyberattacks 🕴
📖 Read
via "Dark Reading".
Law firms have an ethical responsibility to protect their clients' sensitive information, but a recent swell of cyberattacks does not seem to be enough to convince law firms to shore up cybersecurity.📖 Read
via "Dark Reading".
Dark Reading
It's Open Season on Law Firms for Ransomware & Cyberattacks
Law firms have an ethical responsibility to protect their clients' sensitive information, but a recent swell of cyberattacks does not seem to be enough to convince law firms to shore up cybersecurity.
🕴 Twitter Celeb Account Hacker Heads to Jail for 5 Years 🕴
📖 Read
via "Dark Reading".
Extradited from Spain, PlugWalkJoe has been sentenced in US court and is now headed to federal prison on a raft of charges related to account hijacking and cyber stalking.📖 Read
via "Dark Reading".
Dark Reading
Twitter Celeb Account Hacker Heads to Jail for 5 Years
Extradited from Spain, PlugWalkJoe has been sentenced in US court and is now headed to federal prison on a raft of charges related to account hijacking and cyber stalking.
🕴 Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers
MARLTON, N.J. , June 23, 2023 /PRNewswire/ -- Between 2.5 to 2.7 million consumers are being notified that their Social Security numbers and other confidential information were compromised when hackers were able to exploit a vulnerability in software used…
‼ CVE-2023-33176 ‼
📖 Read
via "National Vulnerability Database".
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34422 ‼
📖 Read
via "National Vulnerability Database".
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32525 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32526.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32605 ‼
📖 Read
via "National Vulnerability Database".
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.This is similar to, but not identical to CVE-2023-32604.📖 Read
via "National Vulnerability Database".