🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2023-3650

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

via "National Vulnerability Database".
CVE-2023-3575

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.

via "National Vulnerability Database".
CVE-2023-27373

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.

via "National Vulnerability Database".
CVE-2023-3524

The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

via "National Vulnerability Database".
CVE-2021-24916

The Qubely WordPress plugin before 1.8.6 allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

via "National Vulnerability Database".
CVE-2023-2843

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

via "National Vulnerability Database".
CVE-2023-36220

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

via "National Vulnerability Database".
CVE-2022-38795

In Gitea through 1.17.1, repo cloning can occur in the migration function.

via "National Vulnerability Database".
🕴 SANS Teaches Cybersecurity Leadership in Saudi Arabia 🕴

Infosecurity learning modules will cover security planning, policy, and leadership.

via "Dark Reading".
🕴 Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics 🕴

The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advanced obfuscation methods.

via "Dark Reading".
🦿 ChatGPT Security Concerns: Credentials on the Dark Web and More 🦿

ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about a new tool advertised on the Dark Web called WormGPT.

via "Tech Republic".
CVE-2023-38044

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

via "National Vulnerability Database".
CVE-2023-38045

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

via "National Vulnerability Database".
CVE-2023-23758

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

via "National Vulnerability Database".
CVE-2023-32783

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.

via "National Vulnerability Database".
CVE-2023-34476

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

via "National Vulnerability Database".
CVE-2023-23757

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

via "National Vulnerability Database".
CVE-2023-34477

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

via "National Vulnerability Database".
🦿 Research Eyes Misconfiguration Issues At Google, Amazon and Microsoft Cloud 🦿

Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access.

via "Tech Republic".
CVE-2023-4200

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of the argument columns[1][data] leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
CVE-2023-38932

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.

via "National Vulnerability Database".