βΌ CVE-2023-38304 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36089 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31651 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34635 βΌ
π Read
via "National Vulnerability Database".
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38310 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38306 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38311 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38308 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36090 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21881 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38305 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38307 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35792 βΌ
π Read
via "National Vulnerability Database".
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).π Read
via "National Vulnerability Database".
β SEC demands four-day disclosure limit for cybersecurity breaches β
π Read
via "Naked Security".
When is a ransomware attack a reportable matter? And how long have you got to decide?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π RansomLord Anti-Ransomware Exploit Tool 1.0 π
π Read
via "Packet Storm Security".
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware.π Read
via "Packet Storm Security".
Packetstormsecurity
RansomLord Anti-Ransomware β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π₯1
π΄ Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies π΄
π Read
via "Dark Reading".
The revival of the beloved online multiplayer video game was short-lived once players detected unusual activity and behavior that portended malware.π Read
via "Dark Reading".
Dark Reading
Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies
The revival of the beloved online multiplayer video game was short-lived once players detected unusual activity and behavior that portended malware.
βΌ CVE-2023-4010 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37771 βΌ
π Read
via "National Vulnerability Database".
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4004 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34916 βΌ
π Read
via "National Vulnerability Database".
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3997 βΌ
π Read
via "National Vulnerability Database".
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the userΓ’β¬β’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal userΓ’β¬β’s action.π Read
via "National Vulnerability Database".