CVE-2023-4270
The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
via "National Vulnerability Database".
CVE-2023-39069
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.
via "National Vulnerability Database".
CVE-2023-38878
A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.
via "National Vulnerability Database".
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
via "National Vulnerability Database".
Want a New Job? Explore Opportunities at the 10 Top US Startup Ecosystems
Written by: Kirstie McDermott
Silicon Valley is just one of a number of key US startup ecosystems fueling startups, all of which drive investment and job creation: check where new opportunities are in the US right now.
via "Tech Republic".
Zero trust is about more than security – it's the foundation for digital transformation
Businesses are waking up to the potential of leveraging data insights for more than just network security.
via "ITPro".
CVE-2022-48474
Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process.
via "National Vulnerability Database".
CVE-2023-37875
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS). This issue affects Wing FTP Server: <= 7.2.0.
via "National Vulnerability Database".
CVE-2023-37881
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.
via "National Vulnerability Database".
CVE-2023-3039
SD ROM Utility, versions prior to 1.0.2.0, contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
via "National Vulnerability Database".
CVE-2023-26142
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feed) characters to end the HTTP response headers and inject malicious content.
via "National Vulnerability Database".
CVE-2022-24093
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
via "National Vulnerability Database".
CVE-2023-37878
Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.
via "National Vulnerability Database".
CVE-2022-4896
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.
via "National Vulnerability Database".
CVE-2023-37879
Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation. This issue affects Wing FTP Server: <= 7.2.0.
via "National Vulnerability Database".
CVE-2022-48475
Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the administrator tries to accept or delete the print query created by the request.
via "National Vulnerability Database".
MGM Resorts back online after suspected ransomware attack
The company's casinos and hotels experienced severe disruption, with financial impacts of the outage expected to be significant.
via "ITPro".
CVE-2023-40726
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database.
via "National Vulnerability Database".
CVE-2023-40729
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information.
via "National Vulnerability Database".
CVE-2023-41032
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)
via "National Vulnerability Database".
CVE-2023-38076
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
via "National Vulnerability Database".