‼ CVE-2023-37069 ‼
📖 Read
via "National Vulnerability Database".
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23900 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <=Â 6.8.8 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4282 ‼
📖 Read
via "National Vulnerability Database".
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24393 ‼
📖 Read
via "National Vulnerability Database".
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <=Â 1.6 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23828 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <=Â 2.0.3 versions.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-34374 ‼
📖 Read
via "National Vulnerability Database".
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <=Â 4.3.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39314 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <=Â 3.30.2 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28779 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <=Â 3.4.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36530 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <=Â 4.67 versions.📖 Read
via "National Vulnerability Database".
🕴 Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges 🕴
📖 Read
via "Dark Reading".
Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems.📖 Read
via "Dark Reading".
Dark Reading
Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges
Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems.
🛠 OpenSSH 9.4p1 🛠
📖 Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.📖 Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 9.4p1 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 American Fuzzy Lop plus plus 4.08c 🛠
📖 Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.📖 Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 4.08c ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❤1
🛠 Packet Fence 13.0.0 🛠
📖 Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 13.0.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2023-38243 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38232 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38222 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38229 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38225 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29320 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38226 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37388 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin <=Â 2.0 versions.📖 Read
via "National Vulnerability Database".