‼ CVE-2023-39112 ‼
📖 Read
via "National Vulnerability Database".
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38964 ‼
📖 Read
via "National Vulnerability Database".
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37896 ‼
📖 Read
via "National Vulnerability Database".
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38686 ‼
📖 Read
via "National Vulnerability Database".
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38690 ‼
📖 Read
via "National Vulnerability Database".
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38689 ‼
📖 Read
via "National Vulnerability Database".
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.📖 Read
via "National Vulnerability Database".
🕴 Hawaii's Gemini North Observatory Suspended After Cyberattack 🕴
📖 Read
via "Dark Reading".
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.📖 Read
via "Dark Reading".
Dark Reading
Hawaii's Gemini North Observatory Suspended After Cyberattack
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.
🕴 Burger King Serves Up Sensitive Data, No Mayo 🕴
📖 Read
via "Dark Reading".
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.📖 Read
via "Dark Reading".
Dark Reading
Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
‼ CVE-2023-33377 ‼
📖 Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39552 ‼
📖 Read
via "National Vulnerability Database".
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39107 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33378 ‼
📖 Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33376 ‼
📖 Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33372 ‼
📖 Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4157 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38698 ‼
📖 Read
via "National Vulnerability Database".
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33373 ‼
📖 Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38332 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38692 ‼
📖 Read
via "National Vulnerability Database".
CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33374 ‼
📖 Read
via "National Vulnerability Database".
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38700 ‼
📖 Read
via "National Vulnerability Database".
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.📖 Read
via "National Vulnerability Database".