Google Virus Total leaks list of spooky email addresses
Careful with that file, Eugene!
via "Naked Security".
Microsoft hit by Storm season – a tale of two semi-zero days
The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...
via "Naked Security".
‼ CVE-2023-3527 ‼
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.
via "National Vulnerability Database".
‼ CVE-2023-22508 ‼
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.19.8 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.
via "National Vulnerability Database".
‼ CVE-2023-35900 ‼
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
via "National Vulnerability Database".
‼ CVE-2023-26023 ‼
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
via "National Vulnerability Database".
‼ CVE-2023-3765 ‼
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
via "National Vulnerability Database".
‼ CVE-2023-28513 ‼
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.
via "National Vulnerability Database".
‼ CVE-2023-26026 ‼
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
via "National Vulnerability Database".
‼ CVE-2021-38933 ‼
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.
via "National Vulnerability Database".
‼ CVE-2023-3752 ‼
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-35898 ‼
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.
via "National Vulnerability Database".
‼ CVE-2023-29259 ‼
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.
via "National Vulnerability Database".
‼ CVE-2023-30433 ‼
IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186.
via "National Vulnerability Database".
‼ CVE-2022-43910 ‼
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908.
via "National Vulnerability Database".
‼ CVE-2023-3756 ‼
A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this issue is some unknown functionality of the file /home/search. The manipulation of the argument search_string leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-234428. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-3753 ‼
A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-3754 ‼
A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-234426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-3751 ‼
A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The attack can be launched remotely. The identifier VDB-234421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-29260 ‼
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
via "National Vulnerability Database".
🦿 Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70 🦿
There's no reason to take chances of your business suffering a data breach when a lifetime of powerful protection is so affordable.
Make all of your computers and devices safer regardless of operating system with this VPN Unlimited: Lifetime Subscription for just $69.99.
via "Tech Republic".