βΌ CVE-2023-4150 βΌ
π Read
via "National Vulnerability Database".
The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2023-4023 βΌ
π Read
via "National Vulnerability Database".
The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34180 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <=Γ 3.0.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41537 βΌ
π Read
via "National Vulnerability Database".
phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4109 βΌ
π Read
via "National Vulnerability Database".
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4035 βΌ
π Read
via "National Vulnerability Database".
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
π΄ Performance-Enhanced Android MMRat Scurries onto Devices Via Fake App Stores π΄
π Read
via "Dark Reading".
The stealthy Trojan targets users in Southeast Asia, allowing attackers to remotely control devices to commit bank fraud.π Read
via "Dark Reading".
Dark Reading
Performance-Enhanced Android MMRat Scurries Onto Devices via Fake App Stores
The stealthy Trojan targets users in Southeast Asia, allowing attackers to remotely control devices to commit bank fraud.
π΄ 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught π΄
π Read
via "Dark Reading".
Through strategic measures and a united front, the finance industry can overcome the looming threat of deepfakes.π Read
via "Dark Reading".
Dark Reading
4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught
Through strategic measures and a united front, the finance industry can overcome the looming threat of deepfakes.
βΌ CVE-2023-40843 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004."π Read
via "National Vulnerability Database".
βΌ CVE-2023-25453 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <=Γ 1.3.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40842 βΌ
π Read
via "National Vulnerability Database".
Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler."π Read
via "National Vulnerability Database".
βΌ CVE-2023-25466 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamusa Who Hit The Page Γ’β¬β Hit Counter plugin <=Γ 1.4.14.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40596 βΌ
π Read
via "National Vulnerability Database".
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40592 βΌ
π Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the Γ’β¬Ε/app/search/tableΓ’β¬οΏ½ web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40598 βΌ
π Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40847 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28692 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <=Γ 2.6.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40839 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40837 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40597 βΌ
π Read
via "National Vulnerability Database".
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20266 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.π Read
via "National Vulnerability Database".