‼ CVE-2021-24916 ‼
📖 Read
via "National Vulnerability Database".
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2843 ‼
📖 Read
via "National Vulnerability Database".
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36220 ‼
📖 Read
via "National Vulnerability Database".
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38795 ‼
📖 Read
via "National Vulnerability Database".
In Gitea through 1.17.1, repo cloning can occur in the migration function.📖 Read
via "National Vulnerability Database".
🕴 SANS Teaches Cybersecurity Leadership in Saudi Arabia 🕴
📖 Read
via "Dark Reading".
Infosecurity learning modules will cover security planning, policy, and leadership.📖 Read
via "Dark Reading".
Dark Reading
SANS Teaches Cybersecurity Leadership in Saudi Arabia
Infosecurity learning modules will cover security planning, policy, and leadership.
🕴 Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics 🕴
📖 Read
via "Dark Reading".
The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advance obfuscation methods.📖 Read
via "Dark Reading".
Dark Reading
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advance obfuscation methods.
👍1
🦿 ChatGPT Security Concerns: Credentials on the Dark Web and More 🦿
📖 Read
via "Tech Republic".
ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about a new tool advertised on the Dark Web called WormGPT.📖 Read
via "Tech Republic".
TechRepublic
ChatGPT Security Concerns: Credentials on the Dark Web and More
ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about WormGPT.
‼ CVE-2023-38044 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38045 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23758 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32783 ‼
📖 Read
via "National Vulnerability Database".
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34476 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23757 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34477 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.📖 Read
via "National Vulnerability Database".
🦿 Research Eyes Misconfiguration Issues At Google, Amazon and Microsoft Cloud 🦿
📖 Read
via "Tech Republic".
Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access.📖 Read
via "Tech Republic".
TechRepublic
Research Eyes Misconfiguration Issues At Google, Amazon and Microsoft Cloud
Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access. Read on to learn more.
‼ CVE-2023-4200 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php.. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38932 ‼
📖 Read
via "National Vulnerability Database".
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38939 ‼
📖 Read
via "National Vulnerability Database".
Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39363 ‼
📖 Read
via "National Vulnerability Database".
Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38935 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38937 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.📖 Read
via "National Vulnerability Database".