‼ CVE-2023-43044 ‼
📖 Read
via "National Vulnerability Database".
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43663 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43664 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43657 ‼
📖 Read
via "National Vulnerability Database".
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.📖 Read
via "National Vulnerability Database".
🕴 Johnson Controls International Disrupted by Major Cyberattack 🕴
📖 Read
via "Dark Reading".
The company filed with the SEC and is assessing its operations and financial damages.📖 Read
via "Dark Reading".
Dark Reading
Johnson Controls International Disrupted by Major Cyberattack
The company filed with the SEC and is assessing its operations and financial damages.
🕴 New Cisco IOS Zero-Day Delivers a Double Punch 🕴
📖 Read
via "Dark Reading".
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack. 📖 Read
via "Dark Reading".
Dark Reading
New Cisco IOS Zero-Day Delivers a Double Punch
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
🕴 Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits 🕴
📖 Read
via "Dark Reading".
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.📖 Read
via "Dark Reading".
Dark Reading
Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
‼ CVE-2023-5185 ‼
📖 Read
via "National Vulnerability Database".
Gym Management System Project v1.0 is vulnerable toan Insecure File Upload vulnerability on the 'file'parameter of profile/i.php page, allowing anauthenticated attacker to obtain Remote Code Executionon the server hosting the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5004 ‼
📖 Read
via "National Vulnerability Database".
Hospital management system version 378c157 allows to bypass authentication.This is possible because the application is vulnerable to SQLI.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43323 ‼
📖 Read
via "National Vulnerability Database".
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43013 ‼
📖 Read
via "National Vulnerability Database".
Asset Management System v1.0 is vulnerable to anunauthenticated SQL Injection vulnerability on the'email' parameter of index.php page, allowing anexternal attacker to dump all the contents of thedatabase contents and bypass the login control.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44173 ‼
📖 Read
via "National Vulnerability Database".
Online Movie Ticket Booking System v1.0 is vulnerable toan authenticated Reflected Cross-Site Scripting vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43226 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41911 ‼
📖 Read
via "National Vulnerability Database".
Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4316 ‼
📖 Read
via "National Vulnerability Database".
Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5053 ‼
📖 Read
via "National Vulnerability Database".
Hospital management system version 378c157 allows to bypass authentication.This is possible because the application is vulnerable to SQLI.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43740 ‼
📖 Read
via "National Vulnerability Database".
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]📖 Read
via "National Vulnerability Database".
🕴 Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain 🕴
📖 Read
via "Dark Reading".
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.📖 Read
via "Dark Reading".
Dark Reading
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
‼ CVE-2023-44163 ‼
📖 Read
via "National Vulnerability Database".
The 'search' parameter of the process_search.php resourcedoes not validate the characters received and theyare sent unfiltered to the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44174 ‼
📖 Read
via "National Vulnerability Database".
Online Movie Ticket Booking System v1.0 is vulnerable toan authenticated Stored Cross-Site Scripting vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43014 ‼
📖 Read
via "National Vulnerability Database".
Asset Management System v1.0 is vulnerable toan Authenticated SQL Injection vulnerabilityon the 'first_name' and 'last_name' parametersof user.php page, allowing an authenticatedattacker to dump all the contents of the databasecontents.📖 Read
via "National Vulnerability Database".