🕴 Johnson Controls International Disrupted by Major Cyberattack 🕴
via "Dark Reading".
The company filed with the SEC and is assessing its operations and financial damages.
🕴 New Cisco IOS Zero-Day Delivers a Double Punch 🕴
via "Dark Reading".
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
🕴 Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits 🕴
via "Dark Reading".
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
‼ CVE-2023-5185 ‼
via "National Vulnerability Database".
Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of the profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
‼ CVE-2023-5004 ‼
via "National Vulnerability Database".
Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQL injection (SQLi).
‼ CVE-2023-43323 ‼
via "National Vulnerability Database".
mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP request and a DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].
‼ CVE-2023-43013 ‼
via "National Vulnerability Database".
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.
‼ CVE-2023-44173 ‼
via "National Vulnerability Database".
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.
‼ CVE-2023-43226 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
‼ CVE-2023-41911 ‼
via "National Vulnerability Database".
Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).
‼ CVE-2023-4316 ‼
via "National Vulnerability Database".
Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails.
‼ CVE-2023-5053 ‼
via "National Vulnerability Database".
Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQL injection (SQLi).
‼ CVE-2023-43740 ‼
via "National Vulnerability Database".
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]
🕴 Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain 🕴
via "Dark Reading".
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
‼ CVE-2023-44163 ‼
via "National Vulnerability Database".
The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-44174 ‼
via "National Vulnerability Database".
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
‼ CVE-2023-43014 ‼
via "National Vulnerability Database".
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database.
‼ CVE-2023-44164 ‼
via "National Vulnerability Database".
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-43654 ‼
via "National Vulnerability Database".
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.
‼ CVE-2023-43739 ‼
via "National Vulnerability Database".
The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
‼ CVE-2023-44168 ‼
via "National Vulnerability Database".
The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.