‼ CVE-2023-37952 ‼
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
via "National Vulnerability Database".
‼ CVE-2023-29309 ‼
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
‼ CVE-2023-37951 ‼
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
via "National Vulnerability Database".
‼ CVE-2023-37628 ‼
Online Piggery Management System 1.0 is vulnerable to SQL Injection.
via "National Vulnerability Database".
‼ CVE-2023-29308 ‼
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
‼ CVE-2023-37948 ‼
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting to OCI clouds, enabling man-in-the-middle attacks.
via "National Vulnerability Database".
‼ CVE-2023-29300 ‼
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
via "National Vulnerability Database".
‼ CVE-2023-37629 ‼
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php".
via "National Vulnerability Database".
‼ CVE-2023-37954 ‼
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
via "National Vulnerability Database".
‼ CVE-2023-37957 ‼
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.
via "National Vulnerability Database".
‼ CVE-2023-37630 ‼
Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS.
via "National Vulnerability Database".
‼ CVE-2023-38046 ‼
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
via "National Vulnerability Database".
🕴 QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft 🕴
QuickBlox users should update to the latest version of the platform in order to protect against several avenues of exploitation.
via "Dark Reading".
‼ CVE-2023-37945 ‼
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
via "National Vulnerability Database".
‼ CVE-2023-3641 ‼
A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.
via "National Vulnerability Database".
‼ CVE-2023-3642 ‼
A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888.
via "National Vulnerability Database".
‼ CVE-2023-37942 ‼
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
via "National Vulnerability Database".
⚠ Microsoft patches four zero-days, finally takes action against crimeware kernel drivers ⚠
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...
via "Naked Security".
🕴 (ISC)² Strengthens DEI Initiatives through Global Partnerships 🕴
Partnership program empowers underrepresented groups by removing barriers to entering the cybersecurity workforce.
via "Dark Reading".
🕴 Less Than Half of SMBs Deploy Privileged Access Management 🕴
Keeper Security highlights S&P Market Intelligence's latest research showing that lack of PAM is leaving SMBs vulnerable to attack.
via "Dark Reading".
🕴 Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills According to Bugcrowd Survey 🕴
SAN FRANCISCO, July 12, 2023 /PRNewswire/ -- Bugcrowd, a multi-solution crowdsourced cybersecurity platform, today released its annual "Inside the Mind of a Hacker" report for 2023, which found that 72% of hackers believe artificial intelligence (AI) will…
via "Dark Reading".