CVE-2023-25835
via "National Vulnerability Database".
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high.
CVE-2023-32478
via "National Vulnerability Database".
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
CVE-2023-28730
via "National Vulnerability Database".
A memory corruption vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
CVE-2023-37292
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.
CVE-2023-35086
via "National Vulnerability Database".
A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
CVE-2023-3815
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.
CVE-2023-28729
via "National Vulnerability Database".
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
CVE-2023-3811
via "National Vulnerability Database".
A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235079.
CVE-2023-35087
via "National Vulnerability Database".
A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
CVE-2023-28728
via "National Vulnerability Database".
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
First known open-source software attacks on banking sector could kickstart long-running trend
via "ITPro".
Researchers at Checkmarx predict a "steady escalation" in targeted attacks
How to Access Your iPhone if You Forget Your Passcode
via "Tech Republic".
There are ways to unlock your iPhone even without the right passcode, but you'll need a PC with iTunes or a Mac with Finder.
Learn how to regain control of your device and how to access your iPhone if you forgot the passcode using this comprehensive guide.
CVE-2023-3484
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.
CVE-2023-3821
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
CVE-2023-38646
via "National Vulnerability Database".
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVE-2023-3819
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
CVE-2023-3820
via "National Vulnerability Database".
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
CVE-2023-3822
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
S3 Ep144: When threat hunting goes down a rabbit hole
via "Naked Security".
Latest episode - check it out now!
8 Best Enterprise Password Managers for 2023
via "Tech Republic".
This is a comprehensive list of the top enterprise password managers. Use this guide to compare and choose which one is best for your business.
Explore the best enterprise password managers that provide security and centralized control for managing and protecting passwords across your organization.
Europol's IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent
via "Tech Republic".
The Europol report also reported on cybercriminals' use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.
The Internet Organised Crime Threat Assessment 2023 report includes key findings and emerging cybersecurity threats that impact governments, businesses and individuals.