🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Fake WinRAR PoC Exploit Conceals VenomRAT Malware 🕴

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

📖 Read

via "Dark Reading".
Dark Reading
Fake WinRAR PoC Exploit Conceals VenomRAT Malware
A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.
187 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

📖 Read

via "National Vulnerability Database".
178 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43377

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.

📖 Read

via "National Vulnerability Database".
👍1
165 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43371

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.

📖 Read

via "National Vulnerability Database".
163 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.

📖 Read

via "National Vulnerability Database".
154 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43376

A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40368

IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40618

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.

📖 Read

via "National Vulnerability Database".
164 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39041

An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43375

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39044

An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

📖 Read

via "National Vulnerability Database".
270 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.

📖 Read

via "National Vulnerability Database".
282 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40619

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

📖 Read

via "National Vulnerability Database".
226 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-37410

IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.

📖 Read

via "National Vulnerability Database".
203 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-22024

In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

📖 Read

via "National Vulnerability Database".
212 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38875

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-41484

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.

📖 Read

via "National Vulnerability Database".
160 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42331

A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42334

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.

📖 Read

via "National Vulnerability Database".
139 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42147

An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.

📖 Read

via "National Vulnerability Database".
131 views