β Apple silently pulls its latest zero-day update β what now? β
π Read
via "Naked Security".
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β€1
βΌ CVE-2023-3620 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2020-20118 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31818 βΌ
π Read
via "National Vulnerability Database".
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37659 βΌ
π Read
via "National Vulnerability Database".
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-2746 βΌ
π Read
via "National Vulnerability Database".
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2072 βΌ
π Read
via "National Vulnerability Database".
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. Γ The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36163 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36167 βΌ
π Read
via "National Vulnerability Database".
An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36293 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36164 βΌ
π Read
via "National Vulnerability Database".
An issue in MiniTool Partition Wizard ShadowMaker v.12.7 allows an attacker to execute arbitrary code via the MTAgentService component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37657 βΌ
π Read
via "National Vulnerability Database".
TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-3617 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin_class.php of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233565 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37658 βΌ
π Read
via "National Vulnerability Database".
fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, but without strictly check file suffix at /server/fast.py -> ApiUploadHandler.post causes stored XSSπ Read
via "National Vulnerability Database".
βΌ CVE-2023-37656 βΌ
π Read
via "National Vulnerability Database".
WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.π Read
via "National Vulnerability Database".
π΄ Apple's Rapid Zero-Day Patch Causes Safari Issues, Users Say π΄
π Read
via "Dark Reading".
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.π Read
via "Dark Reading".
Dark Reading
Apple's Rapid Zero-Day Patch Causes Safari Issues, Users Say
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.
π΄ Critical VMware Bug Exploit Code Released Into the Wild π΄
π Read
via "Dark Reading".
The exploit code was brought to VMware's attention by an anonymous researcher, in tandem with the Trend Micro Zero Day Initiative.π Read
via "Dark Reading".
Dark Reading
Critical VMware Bug Exploit Code Released Into the Wild
The exploit code was brought to VMware's attention by an anonymous researcher, in tandem with the Trend Micro Zero Day Initiative.
π OATH Toolkit 2.6.9 π
π Read
via "Packet Storm Security".
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.π Read
via "Packet Storm Security".
Packetstormsecurity
OATH Toolkit 2.6.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves π΄
π Read
via "Dark Reading".
Giving ourselves a chance in this fight means acknowledging that yesterday's successful defensive tactics may already be obsolete.π Read
via "Dark Reading".
Dark Reading
Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves
Giving ourselves a chance in this fight means acknowledging that yesterday's successful defensive tactics may already be obsolete.
π1
π΄ Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? π΄
π Read
via "Dark Reading".
Platform's independent server "instances" may have different security levels, creating potential for supply chain-like vulnerabilities.π Read
via "Dark Reading".
Dark Reading
Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use?
Platform's independent server "instances" may have different security levels, creating potential for supply chain-like vulnerabilities.
βΌ CVE-2023-25606 βΌ
π Read
via "National Vulnerability Database".
An improper limitation of a pathname to a restricted directory ('Path Traversal')Γ vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interfaceΓ 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 Γ all versions may allow a remote andΓ authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.π Read
via "National Vulnerability Database".