βΌ CVE-2023-4005 βΌ
π Read
via "National Vulnerability Database".
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4007 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4006 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35019 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35016 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43831 βΌ
π Read
via "National Vulnerability Database".
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24971 βΌ
π Read
via "National Vulnerability Database".
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4868 βΌ
π Read
via "National Vulnerability Database".
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22595 βΌ
π Read
via "National Vulnerability Database".
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.π Read
via "National Vulnerability Database".
π1
π¦Ώ Server Inventory Checklist π¦Ώ
π Read
via "Tech Republic".
Itβs important to maintain accurate infrastructure inventories to assist secure and effective network administration. A checklist, like the accompanying file from TechRepublic Premium, is an easy and efficient way to begin the process of maintaining accurate infrastructure inventories. From the checklist: DONβT FORGET ABOUT FORGOTTEN SYSTEMS Itβs common for technical network audits to surface forgotten ...π Read
via "Tech Republic".
TechRepublic
Server Inventory Checklist
Itβs important to maintain accurate infrastructure inventories to assist secure and effective network administration. A checklist, like the accompanying
π2
π’ Four measures SMBs can take to avoid common security pitfalls π’
π Read
via "ITPro".
Security can be challenging for SMBs, but itβs possible to make yourself more resilient to reduce the impact of cyber attacks π Read
via "ITPro".
ITPro
Four measures SMBs can take to avoid common security pitfalls
Security can be challenging for SMBs, but itβs possible to make yourself more resilient to reduce the impact of cyber attacks
π’ SEC data breach rules branded βworryingly vagueβ by industry body π’
π Read
via "ITPro".
The new rules announced last week leave many questions unanswered, according to security industry experts π Read
via "ITPro".
ITPro
SEC data breach rules branded βworryingly vagueβ by industry body
The new rules announced last week leave many questions unanswered, according to security industry experts
βΌ CVE-2023-34360 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.Γ After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-34358 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34359 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3345 βΌ
π Read
via "National Vulnerability Database".
The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-0602 βΌ
π Read
via "National Vulnerability Database".
The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3292 βΌ
π Read
via "National Vulnerability Database".
The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3508 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4888 βΌ
π Read
via "National Vulnerability Database".
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actionsπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3130 βΌ
π Read
via "National Vulnerability Database".
The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π Read
via "National Vulnerability Database".