βΌ CVE-2023-42268 βΌ
π Read
via "National Vulnerability Database".
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41338 βΌ
π Read
via "National Vulnerability Database".
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4782 βΌ
π Read
via "National Vulnerability Database".
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39712 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-24965 βΌ
π Read
via "National Vulnerability Database".
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32332 βΌ
π Read
via "National Vulnerability Database".
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33164 βΌ
π Read
via "National Vulnerability Database".
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30995 βΌ
π Read
via "National Vulnerability Database".
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41318 βΌ
π Read
via "National Vulnerability Database".
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.π Read
via "National Vulnerability Database".
π1
π΄ 3 Ways to Expand the Cyber Talent Pool From Splash Pad to Watering Hole π΄
π Read
via "Dark Reading".
Why β and how β "unqualified" candidates will fill the reservoir with the security workers America is thirsty for.π Read
via "Dark Reading".
Dark Reading
3 Ways to Expand the Cyber Talent Pool From Splash Pad to Watering Hole
Why β and how β "unqualified" candidates will fill the reservoir with the security workers America is thirsty for.
π¦Ώ Microsoft, Apple versus China, spyware actors π¦Ώ
π Read
via "Tech Republic".
Itβs a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.π Read
via "Tech Republic".
TechRepublic
Microsoft Confronts China-based Storm-0558, Apple Issues Patches for Pegasus Spyware
Itβs a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.
β€2
βΌ CVE-2023-4846 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4845 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4847 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4851 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4850 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4852 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4864 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4865 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41915 βΌ
π Read
via "National Vulnerability Database".
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4878 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.π Read
via "National Vulnerability Database".