βΌ CVE-2023-4308 βΌ
π Read
via "National Vulnerability Database".
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Γ’β¬Λuser-submitted-contentΓ’β¬β’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2916 βΌ
π Read
via "National Vulnerability Database".
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.π Read
via "National Vulnerability Database".
π’ More than 100,000 hackers have details exposed through malware on cyber crime forums π’
π Read
via "ITPro".
Hackers accidentally falling foul of malware is becoming more common, researchers said π Read
via "ITPro".
ITProUK
More than 100,000 hackers have details exposed through malware on cyber crime forums
Hackers accidentally falling foul of malware is becoming more common, researchers said
π΄ How & Why Cybercriminals Fabricate Data Leaks π΄
π Read
via "Dark Reading".
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.π Read
via "Dark Reading".
Dark Reading
How & Why Cybercriminals Fabricate Data Leaks
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.
βΌ CVE-2023-24478 βΌ
π Read
via "National Vulnerability Database".
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30778 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <=Γ 10.0.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30747 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <=Γ 0.3.0.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30498 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <=Γ 2.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28479 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4371 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π’ Unearthed LockBit secrets suggest gang is faltering in bid to corner ransomware market π’
π Read
via "ITPro".
Laden with technical difficulties, the ransomware group is riding on the wave of its notorious reputation to force victims into paying π Read
via "ITPro".
ITPro
Unearthed LockBit secrets suggest gang is faltering in bid to corner ransomware market
Laden with technical difficulties, the ransomware group is riding on the wave of its notorious reputation to force victims into paying
π’ Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe π’
π Read
via "ITPro".
More than 1,800 Citrix NetScalerdevices still contained backdoors at the time of publication π Read
via "ITPro".
ITPro
Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe
More than 1,800 Citrix NetScaler devices still contained backdoors at the time of publication
π΄ Bolstering Africaβs Cybersecurity π΄
π Read
via "Dark Reading".
A thriving economy needs several factors to continue an upward trajectory β but is Africa in a position to enable these factors to take place?π Read
via "Dark Reading".
Dark Reading
Bolstering Africaβs Cybersecurity
A thriving economy needs several factors to continue an upward trajectory β but is Africa in a position to enable these factors to take place?
π¦Ώ DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities π¦Ώ
π Read
via "Tech Republic".
Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.π Read
via "Tech Republic".
TechRepublic
DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities
Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.
β€1
π¦Ώ Microsoft Defender for Cloud Gets More Multicloud π¦Ώ
π Read
via "Tech Republic".
With Microsoft Defender for Cloud, cloud security posture management features are now available for Google Cloud Platform, as well as AWS and Azure. π Read
via "Tech Republic".
TechRepublic
Microsoft Defender for Cloud Gets More Multicloud
With Microsoft Defender for Cloud, cloud security posture management features are now available for Google Cloud Platform, as well as AWS and Azure.
βΌ CVE-2023-38857 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38856 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38855 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38916 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39662 βΌ
π Read
via "National Vulnerability Database".
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38898 βΌ
π Read
via "National Vulnerability Database".
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component.π Read
via "National Vulnerability Database".