CVE-2023-36133 (via National Vulnerability Database)
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
CVE-2023-38991 (via National Vulnerability Database)
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
CVE-2023-4142 (via National Vulnerability Database)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously granted access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Note that this means remote code execution is still possible for site administrators, so use the plugin with caution.
CVE-2023-36135 (via National Vulnerability Database)
User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-0525 (via National Vulnerability Database)
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting them, in the case of transferring data with GT Designer3 Version1 (GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.
CVE-2023-38708 (via National Vulnerability Database)
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to a potential denial of service (key file overwrite). The impact of this vulnerability allows attackers to overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
CVE-2023-36141 (via National Vulnerability Database)
User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-36138 (via National Vulnerability Database)
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.
CVE-2023-36132 (via National Vulnerability Database)
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
CVE-2023-4140 (via National Vulnerability Database)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.
CVE-2023-30146 (via National Vulnerability Database)
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.
CVE-2023-36131 (via National Vulnerability Database)
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of the password parameter.
CVE-2023-36158 (via National Vulnerability Database)
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.
CVE-2023-30297 (via National Vulnerability Database)
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.
CVE-2023-4139 (via National Vulnerability Database)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.
CVE-2023-33665 (via National Vulnerability Database)
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
CVE-2023-36134 (via National Vulnerability Database)
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
CVE-2023-39379 (via National Vulnerability Database)
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.
Google, Microsoft Take Refuge in Rust Language's Better Security (via Dark Reading)
More tech giants turn to the Rust programming language for its built-in memory safety and other security features.
How To Deal With the Vagueness in New Cyber Regulations (via Dark Reading)
Recent regulations for privacy, AI, and breaches tend to be overly broad, suggesting that the rulemakers lack tech acumen.
Teach a Man to Phish and He's Set for Life (via Krebs on Security)
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.