βΌ CVE-2023-4113 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21409 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administratorcredentials allowing the configuration of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4115 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21408 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentialsthat are used in the integration interface towards 3rd party systems.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38744 βΌ
π Read
via "National Vulnerability Database".
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4120 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4116 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4119 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4118 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3932 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38746 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4112 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4008 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21407 βΌ
π Read
via "National Vulnerability Database".
A broken access control was found allowing for privileged escalation of the operator account to gainadministrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21411 βΌ
π Read
via "National Vulnerability Database".
User provided input is not sanitized in the Γ’β¬ΕSettings > Access ControlΓ’β¬οΏ½ configuration interface allowing forarbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38747 βΌ
π Read
via "National Vulnerability Database".
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4114 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βοΈ How Malicious Android Apps Slip Into Disguise βοΈ
π Read
via "Krebs on Security".
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into benign mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research.π Read
via "Krebs on Security".
Krebs on Security
How Malicious Android Apps Slip Into Disguise
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into benign mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanismsβ¦
π’ How Russia-linked hackers launched their latest attack using Microsoft Teams π’
π Read
via "ITPro".
The group has been observed targeting dozens of organizations worldwide π Read
via "ITPro".
ITPro
How Russia-linked hackers launched their latest attack using Microsoft Teams
The group has been observed targeting dozens of organizations worldwide
π1
βΌ CVE-2023-3662 βΌ
π Read
via "National Vulnerability Database".
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .π Read
via "National Vulnerability Database".
βΌ CVE-2023-37545 βΌ
π Read
via "National Vulnerability Database".
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546,Γ CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550π Read
via "National Vulnerability Database".