‼ CVE-2023-29308 ‼
📖 Read
via "National Vulnerability Database".
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37948 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29300 ‼
📖 Read
via "National Vulnerability Database".
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37629 ‼
📖 Read
via "National Vulnerability Database".
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37954 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37957 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37630 ‼
📖 Read
via "National Vulnerability Database".
Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38046 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.📖 Read
via "National Vulnerability Database".
🕴 QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft 🕴
📖 Read
via "Dark Reading".
QuickBlox users should update to the latest version of the platform in order to protect against several avenues of exploitation.📖 Read
via "Dark Reading".
Dark Reading
QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft
QuickBlox users should update to the latest version of the platform in order to protect against several avenues of exploitation.
‼ CVE-2023-37945 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3641 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3642 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37942 ‼
📖 Read
via "National Vulnerability Database".
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.📖 Read
via "National Vulnerability Database".
❤1
⚠ Microsoft patches four zero-days, finally takes action against crimeware kernel drivers ⚠
📖 Read
via "Naked Security".
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...📖 Read
via "Naked Security".
🕴 (ISC)² Strengthens DEI Initiatives through Global Partnerships 🕴
📖 Read
via "Dark Reading".
Partnership program empowers underrepresented groups by removing barriers to entering the cybersecurity workforce.📖 Read
via "Dark Reading".
Dark Reading
(ISC)² Strengthens DEI Initiatives through Global Partnerships
Partnership program empowers underrepresented groups by removing barriers to entering the cybersecurity workforce.
🕴 Less Than Half of SMBs Deploy Privileged Access Management 🕴
📖 Read
via "Dark Reading".
Keeper Security highlights S&P Market Intelligence's latest research showing that lack of PAM is leaving SMBs vulnerable to attack.📖 Read
via "Dark Reading".
Dark Reading
Less Than Half of SMBs Deploy Privileged Access Management
Keeper Security highlights S&P Market Intelligence's latest research showing that lack of PAM is leaving SMBs vulnerable to attack.
🕴 Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills According to Bugcrowd Survey 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills According to Bugcrowd Survey
SAN FRANCISCO, July 12, 2023 /PRNewswire/ -- Bugcrowd, a multi-solution crowdsourced cybersecurity platform, today released its annual "Inside the Mind of a Hacker" report for 2023, which found that 72% of hackers believe artificial intelligence (AI) will…
🕴 Console & Associates, P.C. Investigates HCA Healthcare After Report of Data Breach Affecting an Estimated 11M Patients 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Console & Associates, P.C. Investigates HCA Healthcare After Report of Data Breach Affecting an Estimated 11M Patients
MARLTON, N.J., July 12, 2023 /PRNewswire/ -- Approximately 11 million patients are being notified that their personal information was compromised after an unauthorized party posted HCA Healthcare, Inc. ("HCA") patient data on an online forum. Now, members'…
🕴 Firedome Integrates With Microsoft Defender for IoT to Enhance IoT Device Security, Using Microsoft Sentinel 🕴
📖 Read
via "Dark Reading".
Firedome's on device real-time detection, prevention and response along with Microsoft Defender for IoT cloud-based security provides a holistic view of IoT attacks for the first time.📖 Read
via "Dark Reading".
Dark Reading
Firedome Integrates With Microsoft Defender for IoT to Enhance IoT Device Security, Using Microsoft Sentinel
Firedome's on device real-time detection, prevention and response along with Microsoft Defender for IoT cloud-based security provides a holistic view of IoT attacks for the first time.
‼ CVE-2023-3635 ‼
📖 Read
via "National Vulnerability Database".
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3643 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".