βΌ CVE-2017-9453 βΌ
π Read
via "National Vulnerability Database".
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2015-2202 βΌ
π Read
via "National Vulnerability Database".
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40546 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.π Read
via "National Vulnerability Database".
βΌ CVE-2015-1391 βΌ
π Read
via "National Vulnerability Database".
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39598 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35072 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 .π Read
via "National Vulnerability Database".
βΌ CVE-2023-4034 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection.This issue affects Smartrise Document Management System: before Hvl-2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39681 βΌ
π Read
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3616 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4178 βΌ
π Read
via "National Vulnerability Database".
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35065 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4531 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection.This issue affects E-commerce Software: before 20230901 .π Read
via "National Vulnerability Database".
βΌ CVE-2015-1390 βΌ
π Read
via "National Vulnerability Database".
Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4781 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40918 βΌ
π Read
via "National Vulnerability Database".
KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41317 βΌ
π Read
via "National Vulnerability Database".
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when **all of the following conditions are met**: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 ("impacted versions"); **and** 2. The Supergraph schema provided to the Router (either via Apollo Uplink or explicitly via other configuration)Γ **has a `subscription` type** with root-fields defined; **and** 3. The YAML configuration provided to the Router **has subscriptions enabled** (they are _disabled_ by default), either by setting `enabled: true` _or_ by setting a valid `mode` within the `subscriptions` object (as seen in [subscriptions' documentation](https://www.apollographql.com/docs/router/executing-operations/subscription-support/#router-setup)); **and** 4. An [anonymous](https://spec.graphql.org/draft/#sec-Anonymous-Operation-Definitions) (i.e., un-named) `subscription` operation (e.g., `subscription { ... }`) is received by the Router If **all four** of these criteria are met, the impacted versions will panic and terminate. There is no data-privacy risk or sensitive-information exposure aspect to this vulnerability. This is fixed in Apollo Router v1.29.1. Users are advised to upgrade. Updating to v1.29.1 should be a clear and simple upgrade path for those running impacted versions. However, if Subscriptions are **not** necessary for your Graph Γ’β¬β but are enabled via configuration Γ’β¬β then disabling subscriptions is another option to mitigate the risk.π Read
via "National Vulnerability Database".
π΄ Tuya Smart and Amazon Web Services Collaborate to Establish an IoT Security Lab π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Tuya Smart and Amazon Web Services Collaborate to Establish an IoT Security Lab
NEW YORK, Sept. 4, 2023 /PRNewswire/ -- Tuya Smart (NYSE: TUYA, HKEX: 2391), a global IoT developer service provider, announced at the re:Inforce China conference to have jointly established a "Collaborative Security Lab" with Amazon Web Services (AWS), theβ¦
π΄ Researchers Discover Critical Vulnerability in PHPFusion CMS π΄
π Read
via "Dark Reading".
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.π Read
via "Dark Reading".
Dark Reading
Researchers Discover Critical Vulnerability in PHPFusion CMS
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.
π΄ LockBit Leaks Documents Filched From UK Defense Contractor π΄
π Read
via "Dark Reading".
A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.π Read
via "Dark Reading".
Dark Reading
LockBit Leaks Documents Filched From UK Defense Contractor
A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.
βΌ CVE-2023-39515 βΌ
π Read
via "National Vulnerability Database".
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.π Read
via "National Vulnerability Database".