βΌ CVE-2022-41763 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.π Read
via "National Vulnerability Database".
π΄ As LotL Attacks Evolve, So Must Defenses π΄
π Read
via "Dark Reading".
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.π Read
via "Dark Reading".
Dark Reading
As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
βΌ CVE-2023-32086 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2453 βΌ
π Read
via "National Vulnerability Database".
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a Γ’β¬Λrequire_onceΓ’β¬β’ statement. This allows arbitrary files with the Γ’β¬Λ.phpΓ’β¬β’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a Γ’β¬Λ.phpΓ’β¬β’ file payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4480 βΌ
π Read
via "National Vulnerability Database".
Due to an out-of-date dependency in the Γ’β¬ΕFusion File ManagerΓ’β¬οΏ½ component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the applicationΓ’β¬β’s mime-type and file extension validation.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-40743 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.π Read
via "National Vulnerability Database".
π΄ How Companies Can Cope With the Risks of Generative AI Tools π΄
π Read
via "Dark Reading".
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.π Read
via "Dark Reading".
Dark Reading
How Companies Can Cope With the Risks of Generative AI Tools
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.
βΌ CVE-2023-35124 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41108 βΌ
π Read
via "National Vulnerability Database".
TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32615 βΌ
π Read
via "National Vulnerability Database".
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41107 βΌ
π Read
via "National Vulnerability Database".
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34998 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36361 βΌ
π Read
via "National Vulnerability Database".
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32271 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34353 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3374 βΌ
π Read
via "National Vulnerability Database".
Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41012 βΌ
π Read
via "National Vulnerability Database".
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4778 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3375 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31242 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34994 βΌ
π Read
via "National Vulnerability Database".
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".