βΌ CVE-2023-42280 βΌ
π Read
via "National Vulnerability Database".
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41993 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
π΄ 'Gold Melody' Access Broker Plays on Unpatched Servers' Strings π΄
π Read
via "Dark Reading".
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.π Read
via "Dark Reading".
Dark Reading
'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
π΄ What Does Socrates Have to Do With CPM? π΄
π Read
via "Dark Reading".
It's time to focus on the "P" in cybersecurity performance management.π Read
via "Dark Reading".
Dark Reading
What Does Socrates Have to Do With CPM?
It's time to focus on the "P" in cybersecurity performance management.
π΄ Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation
Rehovot, Israel (September 21, 2023) β Salvador Technologies, the innovative provider of the first Instant and Safe Cyber-Attack Recovery Platform for Critical Assets and Operational Technologies (OT), today announced that the company has won funding forβ¦
π΄ Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor π΄
π Read
via "Dark Reading".
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.π Read
via "Dark Reading".
Dark Reading
Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.
βΌ CVE-2023-34576 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38343 βΌ
π Read
via "National Vulnerability Database".
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42482 βΌ
π Read
via "National Vulnerability Database".
Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38344 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42261 βΌ
π Read
via "National Vulnerability Database".
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43128 βΌ
π Read
via "National Vulnerability Database".
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4504 βΌ
π Read
via "National Vulnerability Database".
Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31719 βΌ
π Read
via "National Vulnerability Database".
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31717 βΌ
π Read
via "National Vulnerability Database".
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23362 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2376 build 20230421 and laterQTS 4.5.4.2374 build 20230416 and laterQuTS hero h5.0.1.2376 build 20230421 and laterQuTS hero h4.5.4.2374 build 20230417 and laterQuTScloud c5.0.1.2374 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-23364 βΌ
π Read
via "National Vulnerability Database".
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.We have already fixed the vulnerability in the following versions:Multimedia Console 2.1.1 ( 2023/03/29 ) and laterMultimedia Console 1.4.7 ( 2023/03/20 ) and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-31718 βΌ
π Read
via "National Vulnerability Database".
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23363 βΌ
π Read
via "National Vulnerability Database".
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.We have already fixed the vulnerability in the following versions:QTS 4.3.6.2441 build 20230621 and laterQTS 4.3.3.2420 build 20230621 and laterQTS 4.2.6 build 20230621 and laterQTS 4.3.4.2451 build 20230621 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-31716 βΌ
π Read
via "National Vulnerability Database".
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.logπ Read
via "National Vulnerability Database".
π΄ Guardians of the Cyberverse: Building a Resilient Security Culture π΄
π Read
via "Dark Reading".
Whether achieved through AI-enabled automation, proactive identification and resolution of issues, or the equitable distribution of risk management responsibilities, the goal must be resilience.π Read
via "Dark Reading".
Dark Reading
Guardians of the Cyberverse: Building a Resilient Security Culture
Whether achieved through AI-enabled automation, proactive identification and resolution of issues, or the equitable distribution of risk management responsibilities, the goal must be resilience.