Mission Secure, Idaho National Laboratory Announce Partnership to Protect Critical Infrastructure
via "Dark Reading".
CHARLOTTESVILLE, Va., Aug. 3, 2023 /PRNewswire/ -- Mission Secure announced today that it has partnered with Idaho National Laboratory, a U.S. Department of Energy national laboratory, to expand the adoption of the Consequence-Driven, Cyber-Informed Engineering…
Qualys Announces First-Party Software Risk Management Solution
via "Dark Reading".
FOSTER CITY, Calif., Aug. 3, 2023 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its risk management platform to AppSec teams to bring their own detections…
CVE-2023-3749
via "National Vulnerability Database".
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
CVE-2023-39121
via "National Vulnerability Database".
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
CVE-2023-33666
via "National Vulnerability Database".
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
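The two entries above, CVE-2023-39121 and CVE-2023-33666, both describe SQL injection through a PHP endpoint but neither gives the query. The following is an added example, not code from emlog or aioptimizedcombinations, that shows the general pattern in Python with SQLite: a lookup that splices a request parameter into the statement, beside one that validates the parameter and binds it. The table, rows, endpoint names and payloads are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for an application's user store
    # (sample data, not taken from either affected product).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, user_id):
    # The request parameter is spliced into the SQL text, so whatever the
    # caller sends is parsed as SQL. This is the injection pattern.
    sql = "SELECT name, role FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, user_id):
    # Check the shape of the input first, then bind it as a parameter so the
    # driver passes it as a value rather than as part of the statement.
    if not user_id.isdigit():
        raise ValueError("user id must be a decimal integer")
    return conn.execute(
        "SELECT name, role FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


def demo():
    # Exercises both handlers with a normal id, a boolean-based payload that
    # widens the WHERE clause, and a UNION payload that pulls other rows.
    conn = make_db()
    boolean_payload = "0 OR 1=1"
    union_payload = "0 UNION SELECT name, role FROM users WHERE role = 'admin'"
    results = {
        "vulnerable_normal": lookup_user_vulnerable(conn, "2"),
        "vulnerable_boolean": lookup_user_vulnerable(conn, boolean_payload),
        "vulnerable_union": lookup_user_vulnerable(conn, union_payload),
        "safe_normal": lookup_user_safe(conn, "2"),
    }
    try:
        lookup_user_safe(conn, boolean_payload)
        results["safe_injected"] = "accepted"
    except ValueError:
        results["safe_injected"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable handler returns every row for the boolean payload and the admin row for the UNION payload; the safe handler refuses both before the database sees them. Binding alone would be enough to stop the injection; the digit check is there so that the endpoint also fails fast on malformed input.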
CVE-2023-4002
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project's configured security policies.
CVE-2023-38941
via "National Vulnerability Database".
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.
CVE-2023-36137
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.
CVE-2023-36133
via "National Vulnerability Database".
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
CVE-2023-38991
via "National Vulnerability Database".
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
CVE-2023-4142
via "National Vulnerability Database".
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously granted access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files; note that this means remote code execution is still possible for site administrators, so use the plugin with caution.
CVE-2023-36135
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-0525
via "National Vulnerability Database".
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1 (GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 Series with the Data Transfer Security function enabled.
CVE-2023-38708
via "National Vulnerability Database".
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to a denial of service through key-file overwrite. The impact of this vulnerability allows attackers to overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. It could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
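The Pimcore entry above says the handler takes a file path from a request parameter and writes outside the intended directory, but the advisory text does not show the check that was missing. The following is an added example, not Pimcore's code, of how a server-side import handler confines a user-supplied path: canonicalise it, then require the result to sit strictly below the import directory. The handler name, the scratch directory and every sample path are constructed for the demonstration; the symlink case is included because resolving symlinks is the step a naive string-prefix check misses.

```python
import os
import tempfile


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the import directory."""


def resolve_under(base_dir, user_path):
    # Canonicalise both sides (this resolves "..", "." and symlinks), then
    # require the candidate to lie strictly below base_dir. os.path.join
    # discards base_dir entirely when user_path is absolute, which is why the
    # check runs on the resolved result and not on the raw string.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_path!r} resolves outside {base}")
    return candidate


def import_server_file(base_dir, user_path, data):
    # Hypothetical import handler: writes data to the requested file, but
    # only after the path has been confined to base_dir.
    target = resolve_under(base_dir, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def check_paths():
    # Runs the handler against a fresh scratch directory with constructed
    # inputs and reports which ones it accepted.
    base = tempfile.mkdtemp(prefix="import-")
    # A symlink inside the tree that points at the filesystem root: a prefix
    # check on the unresolved string would accept paths through it.
    os.symlink("/", os.path.join(base, "root"))
    samples = [
        "logs/app.log",           # legitimate, inside the tree
        "../escape.txt",          # classic dot-dot traversal
        "/etc/passwd",            # absolute path; join() drops the base
        "logs/../../escape.txt",  # traversal hidden behind a valid prefix
        "root/escape.txt",        # traversal via the symlink
        ".",                      # the base directory itself, not a file
    ]
    outcome = {}
    for sample in samples:
        try:
            import_server_file(base, sample, b"constructed content\n")
            outcome[sample] = "written"
        except PathTraversalError:
            outcome[sample] = "rejected"
    return outcome


if __name__ == "__main__":
    for sample, result in check_paths().items():
        print(f"{sample!r}: {result}")
```

Only the first sample is written; every other one is rejected before any file is opened. Note the order: realpath first, then the containment test, so that a symlink or a ".." segment cannot satisfy a check made on the unresolved string.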
CVE-2023-36141
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
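CVE-2023-36135 and CVE-2023-36141 above describe the same weakness in two PHPJabbers products: the password-recovery page answers differently for registered and unregistered addresses. The following is an added example, not code from either product, written in Python to show the mechanism end to end: a recovery handler whose response leaks the account's existence, the hardened handler that answers the same way in both cases, and the oracle an attacker would run against each. The user store, the outbox and the addresses are constructed for the demonstration.

```python
import secrets

# Constructed user store and mail outbox standing in for the application's
# database and mail queue.
REGISTERED = {"alice@example.com", "bob@example.com"}
OUTBOX = []


def queue_reset_mail(email):
    # Stand-in for sending the reset e-mail; only records the recipient.
    OUTBOX.append(email)


def recover_vulnerable(email):
    # Two different messages: the response itself tells the caller whether
    # the address is registered.
    if email in REGISTERED:
        queue_reset_mail(email)
        return "A password reset link has been sent to your e-mail address."
    return "No account was found for that e-mail address."


def recover_hardened(email):
    # One message for both branches. The reset mail still goes out when the
    # account exists, but nothing in the response depends on that. In a real
    # handler, queue the mail asynchronously so that response time does not
    # become the oracle instead of the message text.
    if email in REGISTERED:
        queue_reset_mail(email)
    return "If an account exists for that address, a password reset link has been sent."


def enumerate_users(handler, known_valid, candidates):
    # Attacker's oracle. Calibrate with one address known to exist (for
    # instance the attacker's own account) and one random address that cannot
    # exist, then classify each candidate by which baseline its response
    # matches. Returns None when the two baselines are indistinguishable.
    valid_resp = handler(known_valid)
    invalid_resp = handler(f"{secrets.token_hex(8)}@invalid.example")
    if valid_resp == invalid_resp:
        return None
    return {c for c in candidates if handler(c) == valid_resp}


if __name__ == "__main__":
    guesses = ["bob@example.com", "eve@example.com", "mallory@example.com"]
    print("vulnerable:", enumerate_users(recover_vulnerable, "alice@example.com", guesses))
    print("hardened:  ", enumerate_users(recover_hardened, "alice@example.com", guesses))
```

Against the vulnerable handler the oracle confirms exactly the registered candidate; against the hardened one it gets no signal at all. The same calibration technique applies to any other difference between the two branches (HTTP status, redirect target, response length, timing), so the fix has to make every observable part of the response identical, not just the wording.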
CVE-2023-36138
via "National Vulnerability Database".
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.
CVE-2023-36132
via "National Vulnerability Database".
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
CVE-2023-4140
via "National Vulnerability Database".
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.
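The CVE-2023-4140 entry above is a mass-assignment problem: the import maps whatever columns the file declares onto the user record, so a low-privilege importer who adds a capabilities column assigns themselves a role. The following is an added example, not the plugin's code, in Python rather than PHP, that shows the importer that trusts the header beside one that allowlists the writable columns and admits role fields only on the strength of the importing user's own permission. The CSV content, field names and permission flag are constructed for the demonstration.

```python
import csv
import io

# Columns a non-privileged importer may set. Role fields are deliberately
# absent; they are admitted only for callers allowed to manage roles.
ALLOWED_IMPORT_FIELDS = frozenset({"user_login", "user_email", "display_name"})
ROLE_FIELDS = frozenset({"wp_capabilities", "role"})

# Constructed import file controlled by a low-privilege user. The extra
# column is the attack: an import that trusts header names will apply it.
CSV_TEXT = """user_login,user_email,display_name,wp_capabilities
mallory,mallory@example.com,Mallory,administrator
"""


def import_users_vulnerable(csv_text):
    # Maps every header column onto the user record, so whoever controls the
    # file controls which attributes get written, role included.
    return [dict(row) for row in csv.DictReader(io.StringIO(csv_text))]


def import_users_hardened(csv_text, actor_can_manage_roles=False):
    # Allowlist the columns that may be written; anything else is dropped
    # and reported back. Role fields are admitted only when the importing
    # user may assign roles, and that decision comes from the actor's own
    # permissions, never from anything inside the file.
    allowed = set(ALLOWED_IMPORT_FIELDS)
    if actor_can_manage_roles:
        allowed |= ROLE_FIELDS
    records, dropped = [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        record = {}
        for column, value in row.items():
            if column in allowed:
                record[column] = value
            else:
                dropped.add(column)
        records.append(record)
    return records, sorted(dropped)


if __name__ == "__main__":
    print("vulnerable:", import_users_vulnerable(CSV_TEXT))
    print("hardened (author):", import_users_hardened(CSV_TEXT))
    print("hardened (admin): ", import_users_hardened(CSV_TEXT, actor_can_manage_roles=True))
```

The allowlist is the whole fix: a denylist of known-dangerous columns would have to be kept current with every attribute the platform treats as privileged, whereas an allowlist only ever grows when a new column is deliberately made importable.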
CVE-2023-30146
via "National Vulnerability Database".
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.
CVE-2023-36131
via "National Vulnerability Database".
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of the password parameter.
CVE-2023-36158
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.