ā¼ CVE-2023-2321 ā¼
š Read
via "National Vulnerability Database".
The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21633 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-1273 ā¼
š Read
via "National Vulnerability Database".
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacksš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21672 ā¼
š Read
via "National Vulnerability Database".
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.š Read
via "National Vulnerability Database".
š¢ Why Fulham FCās geography makes running IT so challenging š¢
š Read
via "ITPro".
Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think š Read
via "ITPro".
ITPro
Why Fulham FCās geography makes running IT so challenging
Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think
š1
ā¼ CVE-2023-31999 ā¼
š Read
via "National Vulnerability Database".
All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it.v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3506 ā¼
š Read
via "National Vulnerability Database".
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3505 ā¼
š Read
via "National Vulnerability Database".
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.š Read
via "National Vulnerability Database".
ā¤1
ā Ghostscript bug could allow rogue documents to run system commands ā
š Read
via "Naked Security".
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.š Read
via "Naked Security".
Sophos News
Naked Security ā Sophos News
ā¼ CVE-2022-42175 ā¼
š Read
via "National Vulnerability Database".
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-33201 ā¼
š Read
via "National Vulnerability Database".
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.š Read
via "National Vulnerability Database".
ā¤3š1
ā¼ CVE-2023-37208 ā¼
š Read
via "National Vulnerability Database".
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-37207 ā¼
š Read
via "National Vulnerability Database".
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-37202 ā¼
š Read
via "National Vulnerability Database".
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-34150 ā¼
š Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED **Ć Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-35786 ā¼
š Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.š Read
via "National Vulnerability Database".
ā¤1
ā¼ CVE-2023-37201 ā¼
š Read
via "National Vulnerability Database".
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".
ā¤1
š¢ Taking stock of cybersecurity in 2023: Challenges and opportunities š¢
š Read
via "ITPro".
Despite macroeconomic conditions, cyber security spending continues to rise, presenting opportunities for channel partners š Read
via "ITPro".
channelpro
Taking stock of cyber security in 2023: Challenges and opportunities
Despite macroeconomic conditions, cyber security spending continues to rise, presenting opportunities for channel partners
š¢ Cyber insurance costs fall in 2023 despite steep rise in ransomware attacks š¢
š Read
via "ITPro".
Premiums drop from historic highs as insurers eye a ransomware resurgence š Read
via "ITPro".
ITPro
Cyber insurance costs fall in 2023 despite steep rise in ransomware attacks
Premiums drop from historic highs as insurers eye a ransomware resurgence
ā¤1
ā¼ CVE-2023-2880 ā¼
š Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-37203 ā¼
š Read
via "National Vulnerability Database".
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.š Read
via "National Vulnerability Database".