βΌ CVE-2023-3475 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32622 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28387 βΌ
π Read
via "National Vulnerability Database".
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32621 βΌ
π Read
via "National Vulnerability Database".
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26135 βΌ
π Read
via "National Vulnerability Database".
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3477 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-32612 βΌ
π Read
via "National Vulnerability Database".
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3476 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32620 βΌ
π Read
via "National Vulnerability Database".
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.π Read
via "National Vulnerability Database".
π’ Rubrik partners with Microsoft to drive generative AI-powered cyber recovery π’
π Read
via "ITPro".
Rubrik Security Cloud will integrate with Microsoft Sentinel and Azure OpenAI to accelerate recovery from cyber attacks π Read
via "ITPro".
ITPro
Rubrik partners with Microsoft to drive generative AI-powered cyber recovery
Rubrik Security Cloud will integrate with Microsoft Sentinel and Azure OpenAI to accelerate recovery from cyber attacks
π’ NHS data leak raises βserious questionsβ about Manchester University cyber attack π’
π Read
via "ITPro".
NHS patient data used for research purposes is believed to have been compromised in the June attack π Read
via "ITPro".
ITPro
NHS data leak raises βserious questionsβ about Manchester University cyber attack
NHS patient data used for research purposes is believed to have been compromised in the June attack
βΌ CVE-2023-3479 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.π Read
via "National Vulnerability Database".
π’ TSMC faces $70 million LockBit ransom demand following hardware supplier breach π’
π Read
via "ITPro".
While TSMC has confirmed the breach, it has refuted claims that company operations have been disrupted by the incident π Read
via "ITPro".
ITPro
TSMC faces $70 million LockBit ransom demand following hardware supplier breach
While TSMC has confirmed the breach, it has refuted claims that company operations have been disrupted by the incident
π΄ 3 Ways to Build a More Skilled Cybersecurity Workforce π΄
π Read
via "Dark Reading".
With the right collaboration among employers, educators, and policymakers, we can come together to create a more secure environment for all. π Read
via "Dark Reading".
Dark Reading
3 Ways to Build a More Skilled Cybersecurity Workforce
With the right collaboration among employers, educators, and policymakers, we can come together to create a more secure environment for all.
βΌ CVE-2023-3478 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
β S3 Ep141: What was Steve Jobsβs first job? β
π Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep141: What was Steve Jobsβs first job?
Latest episode β listen now! (Full transcript inside.)
π Falco 0.35.1 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.35.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-37298 βΌ
π Read
via "National Vulnerability Database".
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-37299 βΌ
π Read
via "National Vulnerability Database".
Joplin before 2.11.5 allows XSS via an AREA element of an image map.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33276 βΌ
π Read
via "National Vulnerability Database".
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).π Read
via "National Vulnerability Database".
π’ MITRE publishes the top 25 most dangerous software weaknesses π’
π Read
via "ITPro".
The annual list features the usual suspects and some new entries too π Read
via "ITPro".
ITPro
MITRE publishes the top 25 most dangerous software weaknesses
The annual list features the usual suspects and some new entries too
β€1