βΌ CVE-2023-36617 βΌ
π Read
via "National Vulnerability Database".
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.π Read
via "National Vulnerability Database".
π΄ 3 Tips to Increase Hybrid and Multicloud Security π΄
π Read
via "Dark Reading".
As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.π Read
via "Dark Reading".
Dark Reading
3 Tips to Increase Hybrid and Multicloud Security
As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.
βΌ CVE-2023-34735 βΌ
π Read
via "National Vulnerability Database".
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34598 βΌ
π Read
via "National Vulnerability Database".
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34849 βΌ
π Read
via "National Vulnerability Database".
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34844 βΌ
π Read
via "National Vulnerability Database".
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34656 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33466 βΌ
π Read
via "National Vulnerability Database".
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-34486 βΌ
π Read
via "National Vulnerability Database".
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3458 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34487 βΌ
π Read
via "National Vulnerability Database".
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3457 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2015-1313 βΌ
π Read
via "National Vulnerability Database".
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34599 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.π Read
via "National Vulnerability Database".
β Interested in $10,000,000? Ready to turn in the Clop ransomware crew? β
π Read
via "Naked Security".
Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...π Read
via "Naked Security".
Naked Security
Interested in $10,000,000? Ready to turn in the Clop ransomware crew?
Technically, itβs βup to $10 millionβ, but itβs potentially a LOT of money, neverthelessβ¦
π΄ US Patent Office Hacked, Trademark Apps Accessed π΄
π Read
via "Dark Reading".
Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.π Read
via "Dark Reading".
Dark Reading
US Patent Office Data Spill Exposes Trademark Applications
Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.
π΄ Cybersecurity Is the Healthcare Your Organization Needs π΄
π Read
via "Dark Reading".
Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Is the Healthcare Your Organization Needs
Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see.
β S3 Ep141: What was Steve Jobsβs first job? β
π Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep141: What was Steve Jobsβs first job?
Latest episode β listen now! (Full transcript inside.)
βΌ CVE-2023-34658 βΌ
π Read
via "National Vulnerability Database".
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26612 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36487 βΌ
π Read
via "National Vulnerability Database".
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.π Read
via "National Vulnerability Database".