‼ CVE-2023-40763 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40753 ‼
📖 Read
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46783 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40765 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40766 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34758 ‼
📖 Read
via "National Vulnerability Database".
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20186 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The manipulation of the argument cleanName leads to denial of service. Upgrading to version 1.21.0 is able to address this issue. The name of the patch is fd6318d99083a06363091441a0614bd2f21068e6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-238156. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40755 ‼
📖 Read
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40761 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40756 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40759 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
🕴 Authentication Outage Underscores Why 'Fail Safe' Is Key 🕴
📖 Read
via "Dark Reading".
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.📖 Read
via "Dark Reading".
Dark Reading
Authentication Outage Underscores Why 'Fail Safe' Is Key
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.
⚠ S3 Ep149: How many cryptographers does it take to change a light bulb? ⚠
📖 Read
via "Naked Security".
Latest episode - listen now! Full transcript inside...📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2023-39708 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40846 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.📖 Read
via "National Vulnerability Database".
🕴 5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration 🕴
📖 Read
via "Dark Reading".
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.📖 Read
via "Dark Reading".
Dark Reading
5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.
❤1👎1
‼ CVE-2023-39560 ‼
📖 Read
via "National Vulnerability Database".
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1997 ‼
📖 Read
via "National Vulnerability Database".
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.📖 Read
via "National Vulnerability Database".
🕴 London Police Warned to Stay Vigilant Amid Major Data Breach 🕴
📖 Read
via "Dark Reading".
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.📖 Read
via "Dark Reading".
Dark Reading
London Police Warned to Stay Vigilant Amid Major Data Breach
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.
🕴 Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits 🕴
📖 Read
via "Dark Reading".
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.📖 Read
via "Dark Reading".
Dark Reading
Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.
‼ CVE-2023-39709 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.📖 Read
via "National Vulnerability Database".
❤1