‼ CVE-2023-3641 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3642 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37942 ‼
📖 Read
via "National Vulnerability Database".
Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.📖 Read
via "National Vulnerability Database".
❤1
⚠ Microsoft patches four zero-days, finally takes action against crimeware kernel drivers ⚠
📖 Read
via "Naked Security".
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...📖 Read
via "Naked Security".
🕴 (ISC)² Strengthens DEI Initiatives through Global Partnerships 🕴
📖 Read
via "Dark Reading".
Partnership program empowers underrepresented groups by removing barriers to entering the cybersecurity workforce.📖 Read
via "Dark Reading".
Dark Reading
(ISC)² Strengthens DEI Initiatives through Global Partnerships
Partnership program empowers underrepresented groups by removing barriers to entering the cybersecurity workforce.
🕴 Less Than Half of SMBs Deploy Privileged Access Management 🕴
📖 Read
via "Dark Reading".
Keeper Security highlights S&P Market Intelligence's latest research showing that lack of PAM is leaving SMBs vulnerable to attack.📖 Read
via "Dark Reading".
Dark Reading
Less Than Half of SMBs Deploy Privileged Access Management
Keeper Security highlights S&P Market Intelligence's latest research showing that lack of PAM is leaving SMBs vulnerable to attack.
🕴 Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills According to Bugcrowd Survey 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills According to Bugcrowd Survey
SAN FRANCISCO, July 12, 2023 /PRNewswire/ -- Bugcrowd, a multi-solution crowdsourced cybersecurity platform, today released its annual "Inside the Mind of a Hacker" report for 2023, which found that 72% of hackers believe artificial intelligence (AI) will…
🕴 Console & Associates, P.C. Investigates HCA Healthcare After Report of Data Breach Affecting an Estimated 11M Patients 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Console & Associates, P.C. Investigates HCA Healthcare After Report of Data Breach Affecting an Estimated 11M Patients
MARLTON, N.J., July 12, 2023 /PRNewswire/ -- Approximately 11 million patients are being notified that their personal information was compromised after an unauthorized party posted HCA Healthcare, Inc. ("HCA") patient data on an online forum. Now, members'…
🕴 Firedome Integrates With Microsoft Defender for IoT to Enhance IoT Device Security, Using Microsoft Sentinel 🕴
📖 Read
via "Dark Reading".
Firedome's on device real-time detection, prevention and response along with Microsoft Defender for IoT cloud-based security provides a holistic view of IoT attacks for the first time.📖 Read
via "Dark Reading".
Dark Reading
Firedome Integrates With Microsoft Defender for IoT to Enhance IoT Device Security, Using Microsoft Sentinel
Firedome's on device real-time detection, prevention and response along with Microsoft Defender for IoT cloud-based security provides a holistic view of IoT attacks for the first time.
‼ CVE-2023-3635 ‼
📖 Read
via "National Vulnerability Database".
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3643 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3644 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
🕴 Chinese APT Cracks Microsoft Outlook Emails at 25 Government Agencies 🕴
📖 Read
via "Dark Reading".
Foreign state-sponsored actors likely had access to privileged state emails for weeks, thanks to a token validation vulnerability.📖 Read
via "Dark Reading".
Dark Reading
Chinese APT Cracks Microsoft Outlook Emails at 25 Government Agencies
Foreign state-sponsored actors likely had access to privileged state emails for weeks, thanks to a token validation vulnerability.
🕴 Startup Spotlight: Mobb Aims to Be the Fixer 🕴
📖 Read
via "Dark Reading".
The startup, one of four finalists in this year's Black Hat USA Startup Spotlight competition, automates vulnerability remediation using AI.📖 Read
via "Dark Reading".
Dark Reading
Startup Spotlight: Mobb Aims to Be the Fixer
The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, automates vulnerability remediation using AI.
‼ CVE-2023-26563 ‼
📖 Read
via "National Vulnerability Database".
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26564 ‼
📖 Read
via "National Vulnerability Database".
The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33274 ‼
📖 Read
via "National Vulnerability Database".
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37562 ‼
📖 Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34127 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21240 ‼
📖 Read
via "National Vulnerability Database".
In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34130 ‼
📖 Read
via "National Vulnerability Database".
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.📖 Read
via "National Vulnerability Database".