βΌ CVE-2023-38308 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36090 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21881 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38305 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38307 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35792 βΌ
π Read
via "National Vulnerability Database".
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).π Read
via "National Vulnerability Database".
β SEC demands four-day disclosure limit for cybersecurity breaches β
π Read
via "Naked Security".
When is a ransomware attack a reportable matter? And how long have you got to decide?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π RansomLord Anti-Ransomware Exploit Tool 1.0 π
π Read
via "Packet Storm Security".
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware.π Read
via "Packet Storm Security".
Packetstormsecurity
RansomLord Anti-Ransomware β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π₯1
π΄ Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies π΄
π Read
via "Dark Reading".
The revival of the beloved online multiplayer video game was short-lived once players detected unusual activity and behavior that portended malware.π Read
via "Dark Reading".
Dark Reading
Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies
The revival of the beloved online multiplayer video game was short-lived once players detected unusual activity and behavior that portended malware.
βΌ CVE-2023-4010 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37771 βΌ
π Read
via "National Vulnerability Database".
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4004 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34916 βΌ
π Read
via "National Vulnerability Database".
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3997 βΌ
π Read
via "National Vulnerability Database".
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the userΓ’β¬β’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal userΓ’β¬β’s action.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3817 βΌ
π Read
via "National Vulnerability Database".
Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. After fixingCVE-2023-3446 it was discovered that a large q parameter value can also triggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36763 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4026 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4024. Reason: This record is a duplicate of CVE-2023-4024. Notes: All CVE users should reference CVE-2023-4024 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34917 βΌ
π Read
via "National Vulnerability Database".
Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37580 βΌ
π Read
via "National Vulnerability Database".
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38750 βΌ
π Read
via "National Vulnerability Database".
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.π Read
via "National Vulnerability Database".
π΄ Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers π΄
π Read
via "Dark Reading".
The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.π Read
via "Dark Reading".
Dark Reading
Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers
The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.