‼ CVE-2023-3359 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3447 ‼
📖 Read
via "National Vulnerability Database".
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23264 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Spoofing Vulnerability📖 Read
via "National Vulnerability Database".
📢 Encryption-less ransomware: Warning issued over emerging attack method for threat actors 📢
📖 Read
via "ITPro".
Researchers at Zscaler have observed a marked increase in the frequency of encryption-less ransomware attacks over the last year 📖 Read
via "ITPro".
ITPro
Encryption-less ransomware: Warning issued over emerging attack method for threat actors
Researchers at Zscaler have observed a marked increase in the frequency of encryption-less ransomware attacks over the last year
🕴 When It Comes to Secure Coding, ChatGPT Is Quintessentially Human 🕴
📖 Read
via "Dark Reading".
We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues.📖 Read
via "Dark Reading".
Dark Reading
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human
We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues.
🕴 Newbie Akira Ransomware Builds Momentum With Linux Shift 🕴
📖 Read
via "Dark Reading".
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.📖 Read
via "Dark Reading".
Dark Reading
Newbie Akira Ransomware Builds Momentum With Linux Shift
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.
🕴 UAE, Israel Ink Pivotal Joint Cyber-Threat Intelligence Agreement 🕴
📖 Read
via "Dark Reading".
Two Mideast nations that were at odds until recently have announced the "Crystal Ball" project, aimed at better protecting against cyberattacks via collaboration and knowledge sharing.📖 Read
via "Dark Reading".
Dark Reading
UAE, Israel Ink Pivotal Joint Cyber-Threat Intelligence Agreement
Two Mideast nations that were at odds until recently have announced the "Crystal Ball" project, aimed at better protecting against cyberattacks via collaboration and knowledge sharing.
‼ CVE-2023-36617 ‼
📖 Read
via "National Vulnerability Database".
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.📖 Read
via "National Vulnerability Database".
🕴 3 Tips to Increase Hybrid and Multicloud Security 🕴
📖 Read
via "Dark Reading".
As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.📖 Read
via "Dark Reading".
Dark Reading
3 Tips to Increase Hybrid and Multicloud Security
As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.
‼ CVE-2023-34735 ‼
📖 Read
via "National Vulnerability Database".
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34598 ‼
📖 Read
via "National Vulnerability Database".
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34849 ‼
📖 Read
via "National Vulnerability Database".
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34844 ‼
📖 Read
via "National Vulnerability Database".
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34656 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33466 ‼
📖 Read
via "National Vulnerability Database".
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34486 ‼
📖 Read
via "National Vulnerability Database".
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3458 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34487 ‼
📖 Read
via "National Vulnerability Database".
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3457 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-1313 ‼
📖 Read
via "National Vulnerability Database".
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34599 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.📖 Read
via "National Vulnerability Database".