'ScarletEel' Hackers Worm Into AWS Cloud
A toolset upgrade is making ScarletEel more slippery than ever while it continues to manipulate the cloud to perform cryptojacking, DDoS, and more.
via "Dark Reading".
CVE-2023-23731
Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin, versions <= 1.3.3.
via "National Vulnerability Database".
CVE-2023-25468
Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin, versions <= 1.0.11.
via "National Vulnerability Database".
CVE-2023-23777
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, and version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted CLI backup parameters.
via "National Vulnerability Database".
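The entry gives no detail of FortiWeb's backup command, so the Go block below is an added example, not Fortinet code, showing the generic shape of a CWE-78 bug in a backup routine: a caller-supplied name spliced into a shell command line, next to the argv-only form and an allowlisted form. The command (`echo` standing in for the real backup tool), the crafted parameter and the allowlist pattern are all constructed for the demonstration; it needs `sh` and `echo` on PATH.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"regexp"
)

// Constructed parameter of the kind an operator could pass to a backup command;
// everything after ';' is the injected command (a harmless echo here).
const craftedName = "cfg; echo INJECTED"

// Allowlist for the hardened path: a short plain token, no shell metacharacters,
// no path separators, so "../" and friends are refused as well.
var safeName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

// run executes cmd and returns everything it wrote to stdout.
func run(cmd *exec.Cmd) (string, error) {
	var out bytes.Buffer
	cmd.Stdout = &out
	err := cmd.Run()
	return out.String(), err
}

// vulnerableBackup splices the parameter into a shell command line, so the
// shell parses the ';' and runs the attacker's command with the caller's privileges.
func vulnerableBackup(name string) (string, error) {
	return run(exec.Command("sh", "-c", "echo creating backup "+name))
}

// argvBackup hands the parameter to the program as its own argv element; no
// shell ever interprets it, so metacharacters arrive as literal bytes.
func argvBackup(name string) (string, error) {
	return run(exec.Command("echo", "creating backup", name))
}

// hardenedBackup adds the allowlist on top of argv separation: anything that
// is not a plain token is rejected before a process is started.
func hardenedBackup(name string) (string, error) {
	if !safeName.MatchString(name) {
		return "", fmt.Errorf("rejected backup name %q", name)
	}
	return argvBackup(name)
}

// injected reports whether the attacker's command actually ran, which shows
// up as "INJECTED" on a line of its own rather than inside the echoed name.
func injected(out string) bool {
	for _, line := range bytes.Split([]byte(out), []byte("\n")) {
		if string(line) == "INJECTED" {
			return true
		}
	}
	return false
}

func main() {
	v, _ := vulnerableBackup(craftedName)
	a, _ := argvBackup(craftedName)
	_, err := hardenedBackup(craftedName)
	fmt.Printf("shell string: injected=%v\nargv only:    injected=%v\nallowlisted:  %v\n",
		injected(v), injected(a), err)
}
```

The argv-only form is the real fix; the allowlist is defence in depth for the case where the backup tool itself treats some characters specially (option prefixes, glob patterns) even when they arrive as a single argument.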
CVE-2023-31191
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, on carefully selected channels, high-power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and instead generate and transmit JSON-encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects the adjacent channel suppression algorithm present in DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.
via "National Vulnerability Database".
CVE-2022-22302
A clear text storage of sensitive information (CWE-312) vulnerability in FortiGate versions 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13, and in FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0, may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both the Apple Push Notification and Google Cloud Messaging services, by accessing the files on the filesystem.
via "National Vulnerability Database".
CVE-2023-35913
Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin, versions <= 1.1.44.
via "National Vulnerability Database".
CVE-2023-31190
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker able to gain a man-in-the-middle position (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint) can trick the DroneScout ds230 into installing a crafted malicious firmware update containing arbitrary files (e.g., executables and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.
via "National Vulnerability Database".
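The failure mode in CVE-2023-31190 (certificate validity never checked while downloading the update) and the two checks a device like this needs, as an added Go example; it is not BlueMark code and assumes nothing about the ds230's real update client. The update endpoint is played by an `httptest` TLS server whose self-signed certificate no system root trusts (the same situation an on-path attacker's server is in), and the firmware bytes, the signing key pair and the hypothetical path `/firmware.tar.bz2` are constructed here. The detached Ed25519 signature check is a second layer the advisory does not mention: it rejects a substituted package even when the transport has already been compromised.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Constructed stand-in for the firmware .tar.bz2 served by the update endpoint.
var firmwarePkg = []byte("constructed-firmware-package-bytes")

// fetch downloads url with the given client and returns the body.
func fetch(client *http.Client, url string) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	return io.ReadAll(resp.Body)
}

// insecureClient mirrors the flaw in the advisory: certificate validation is
// switched off, so any certificate an on-path attacker presents is accepted.
func insecureClient() *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}}
}

// pinnedClient trusts only the vendor's update CA and not the system roots,
// which is the right policy for a device with a single known update source.
func pinnedClient(vendorCA *x509.Certificate) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(vendorCA)
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}
}

// newUpdateServer plays the HTTPS endpoint; httptest gives it a self-signed
// certificate that no system root trusts.
func newUpdateServer(body []byte) *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write(body)
	}))
}

// updateOutcome fetches the package under three policies and reports which
// accepted the untrusted certificate. Only the pinned client should succeed,
// and it does so only because vendorCA really is the server's certificate.
func updateOutcome(srv *httptest.Server, vendorCA *x509.Certificate) (insecureOK, defaultOK, pinnedOK bool) {
	url := srv.URL + "/firmware.tar.bz2"
	_, errInsecure := fetch(insecureClient(), url)
	_, errDefault := fetch(&http.Client{}, url)
	_, errPinned := fetch(pinnedClient(vendorCA), url)
	return errInsecure == nil, errDefault == nil, errPinned == nil
}

// demoKeys generates the vendor signing key pair; on a real device only the
// public key ships in the firmware.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func signFirmware(pkg []byte, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, pkg)
}

// verifyFirmware checks the detached signature before anything is unpacked
// or executed, independent of how the bytes arrived.
func verifyFirmware(pkg, sig []byte, pub ed25519.PublicKey) error {
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, pkg, sig) {
		return errors.New("firmware signature invalid")
	}
	return nil
}

func main() {
	srv := newUpdateServer(firmwarePkg)
	defer srv.Close()
	i, d, p := updateOutcome(srv, srv.Certificate())
	fmt.Printf("insecure=%v default=%v pinned=%v\n", i, d, p)
	pub, priv := demoKeys()
	sig := signFirmware(firmwarePkg, priv)
	fmt.Println("genuine package:", verifyFirmware(firmwarePkg, sig, pub))
	tampered := append([]byte("evil"), firmwarePkg[4:]...)
	fmt.Println("tampered package:", verifyFirmware(tampered, sig, pub))
}
```

Run as written, the insecure client accepts the untrusted certificate, Go's default client refuses it, and the pinned client accepts it only because it was handed that exact certificate; the tampered package fails the signature check regardless of which client fetched it.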
CVE-2023-36517
Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin, versions <= 2.6.2.
via "National Vulnerability Database".
CVE-2023-1936
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, and all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue.
via "National Vulnerability Database".
CVE-2022-45823
Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin, versions <= 3.2.
via "National Vulnerability Database".
CVE-2023-25051
Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin, versions <= 1.4.
via "National Vulnerability Database".
CVE-2023-23997
Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin, versions <= 1.2.7.
via "National Vulnerability Database".
CVE-2023-29156
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and instead generate and transmit JSON-encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects DroneScout ds230 in default configuration from firmware version 20211210-1627 through 20230329-1042.
via "National Vulnerability Database".
CVE-2023-23792
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin, versions <= 1.2.0.
via "National Vulnerability Database".
CVE-2023-23704
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin, versions <= 1.1.6.
via "National Vulnerability Database".
CVE-2023-35781
Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin, versions <= 2.3.0.
via "National Vulnerability Database".
CVE-2023-23791
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin, versions <= 1.2.1.
via "National Vulnerability Database".
CVE-2023-35774
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin, versions <= 2.4.1.
via "National Vulnerability Database".
CVE-2023-24421
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin, versions <= 1.5.2.
via "National Vulnerability Database".
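All of the WordPress CSRF entries on this page (CVE-2023-23731, CVE-2023-25468, CVE-2023-35913, CVE-2023-36517, CVE-2022-45823, CVE-2023-25051, CVE-2023-23997, CVE-2023-23792, CVE-2023-23704, CVE-2023-35781, CVE-2023-23791, CVE-2023-35774 and CVE-2023-24421) share one root cause: a privileged action that a forged cross-site form can trigger because the handler relies on the session cookie alone and never checks a nonce. The Go block below is an added example, not code from any of those plugins or from WordPress, that models the WordPress nonce scheme (an HMAC over tick|action|user truncated to ten hex characters, with half-life ticks giving a 12-to-24-hour validity window) and a settings handler with and without the check. The secret, the action name `wishsuite_save_settings`, the request struct and its capability flag are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math"
	"time"
)

// Constructed secret; a real site derives this from its per-install salts.
var nonceSecret = []byte("constructed-example-secret-do-not-reuse")

// nonceLife is the window in which a nonce can be used; WordPress defaults to one day.
const nonceLife = 24 * 60 * 60

// nonceTick buckets time into half-life ticks (as wp_nonce_tick does), so a
// nonce minted in one tick stays valid through the next: 12 to 24 hours.
func nonceTick(now int64) int64 {
	return int64(math.Ceil(float64(now) / float64(nonceLife/2)))
}

// nonceFor binds the token to the tick, the action and the user, which is why
// a nonce harvested from one user's page is useless against another.
func nonceFor(tick int64, action string, userID int) string {
	mac := hmac.New(sha256.New, nonceSecret)
	fmt.Fprintf(mac, "%d|%s|%d", tick, action, userID)
	sum := hex.EncodeToString(mac.Sum(nil))
	return sum[len(sum)-12 : len(sum)-2] // WordPress keeps 10 characters of the hash
}

// createNonce is what a plugin embeds in its form (wp_nonce_field).
func createNonce(action string, userID int, now int64) string {
	return nonceFor(nonceTick(now), action, userID)
}

// verifyNonce returns 1 (current tick), 2 (previous tick) or 0 (invalid),
// the same contract as wp_verify_nonce.
func verifyNonce(nonce, action string, userID int, now int64) int {
	tick := nonceTick(now)
	if subtle.ConstantTimeCompare([]byte(nonce), []byte(nonceFor(tick, action, userID))) == 1 {
		return 1
	}
	if subtle.ConstantTimeCompare([]byte(nonce), []byte(nonceFor(tick-1, action, userID))) == 1 {
		return 2
	}
	return 0
}

// request models an admin-post request. The browser attaches the victim's
// session cookie to a cross-site form automatically, so userID and canManage
// come "for free"; only the nonce is something the attacker cannot supply.
type request struct {
	userID    int               // authenticated from the cookie
	canManage bool              // stands in for current_user_can('manage_options')
	params    map[string]string // POST body
}

// saveSettings is the handler. With requireNonce=false it behaves like the
// vulnerable plugins; with it true a forged request is refused.
func saveSettings(req request, now int64, requireNonce bool) (int, string) {
	if !req.canManage {
		return 403, "insufficient capability"
	}
	if requireNonce && verifyNonce(req.params["_wpnonce"], "wishsuite_save_settings", req.userID, now) == 0 {
		return 403, "nonce check failed"
	}
	return 200, "saved: " + req.params["settings"]
}

func main() {
	now := time.Now().Unix()
	forged := request{userID: 1, canManage: true, params: map[string]string{"settings": "attacker-controlled"}}
	code, msg := saveSettings(forged, now, true)
	fmt.Println("forged request:", code, msg)
	forged.params["_wpnonce"] = createNonce("wishsuite_save_settings", 1, now)
	code, msg = saveSettings(forged, now, true)
	fmt.Println("with nonce:   ", code, msg)
}
```

The capability check alone does not help against CSRF, because the victim is an administrator; the nonce is the part the cross-site page cannot read or forge. Note that a nonce is not a substitute for the capability check either: it proves intent, not authorization.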
CVE-2023-37247
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (all versions < V2201.0008) and Tecnomatix Plant Simulation V2302 (all versions < V2302.0002). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)
via "National Vulnerability Database".