‼ CVE-2023-34758 ‼
📖 Read
via "National Vulnerability Database".
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20186 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The manipulation of the argument cleanName leads to denial of service. Upgrading to version 1.21.0 is able to address this issue. The name of the patch is fd6318d99083a06363091441a0614bd2f21068e6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-238156. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40755 ‼
📖 Read
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40761 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40756 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40759 ‼
📖 Read
via "National Vulnerability Database".
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
🕴 Authentication Outage Underscores Why 'Fail Safe' Is Key 🕴
📖 Read
via "Dark Reading".
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.📖 Read
via "Dark Reading".
Dark Reading
Authentication Outage Underscores Why 'Fail Safe' Is Key
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.
⚠ S3 Ep149: How many cryptographers does it take to change a light bulb? ⚠
📖 Read
via "Naked Security".
Latest episode - listen now! Full transcript inside...📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2023-39708 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40846 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.📖 Read
via "National Vulnerability Database".
🕴 5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration 🕴
📖 Read
via "Dark Reading".
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.📖 Read
via "Dark Reading".
Dark Reading
5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.
❤1👎1
‼ CVE-2023-39560 ‼
📖 Read
via "National Vulnerability Database".
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1997 ‼
📖 Read
via "National Vulnerability Database".
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.📖 Read
via "National Vulnerability Database".
🕴 London Police Warned to Stay Vigilant Amid Major Data Breach 🕴
📖 Read
via "Dark Reading".
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.📖 Read
via "Dark Reading".
Dark Reading
London Police Warned to Stay Vigilant Amid Major Data Breach
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.
🕴 Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits 🕴
📖 Read
via "Dark Reading".
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.📖 Read
via "Dark Reading".
Dark Reading
Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.
‼ CVE-2023-39709 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2020-27366 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39810 ‼
📖 Read
via "National Vulnerability Database".
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39562 ‼
📖 Read
via "National Vulnerability Database".
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39062 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-40590 ‼
📖 Read
via "National Vulnerability Database".
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable.📖 Read
via "National Vulnerability Database".