🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42334

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.

📖 Read

via "National Vulnerability Database".
139 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42147

An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.

📖 Read

via "National Vulnerability Database".
131 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38876

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.

📖 Read

via "National Vulnerability Database".
125 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39052

An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

📖 Read

via "National Vulnerability Database".
160 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39045

An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

📖 Read

via "National Vulnerability Database".
166 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43138

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

📖 Read

via "National Vulnerability Database".
138 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40930

Skyworth 3.0 OS is vulnerable to Directory Traversal.

📖 Read

via "National Vulnerability Database".
169 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.

📖 Read

via "National Vulnerability Database".
188 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42322

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

📖 Read

via "National Vulnerability Database".
154 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38718

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-3596

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

📖 Read

via "National Vulnerability Database".
154 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

📖 Read

via "National Vulnerability Database".
193 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42321

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

📖 Read

via "National Vulnerability Database".
223 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43134

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

📖 Read

via "National Vulnerability Database".
208 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-42335

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.

📖 Read

via "National Vulnerability Database".
209 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 CrowdStrike Fal.Con 2023: CrowdStrike Brings AI and Cloud Application Security to Falcon 🦿

At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.

📖 Read

via "Tech Republic".
TechRepublic
CrowdStrike Fal.Con 2023: CrowdStrike Brings AI and Cloud Application Security to Falcon
At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.
240 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 GitLab Users Advised to Update Against Critical Flaw Immediately 🕴

The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.

📖 Read

via "Dark Reading".
Dark Reading
GitLab Users Advised to Update Against Critical Flaw Immediately
The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.
👍1
215 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Will Generative AI Kill the Nigerian Prince Scam? 🕴

A linguist analyzes whether GPT will improve the notoriously agrammatical scam — or finally render it a thing of the past.

📖 Read

via "Dark Reading".
Dark Reading
Will Generative AI Kill the Nigerian Prince Scam?
A linguist analyzes whether GPT will improve the notoriously agrammatical scam — or finally render it a thing of the past.
232 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-34575

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.

📖 Read

via "National Vulnerability Database".
👍1
224 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-37279

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.

📖 Read

via "National Vulnerability Database".
272 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-36234

Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.

📖 Read

via "National Vulnerability Database".
299 views