‼ CVE-2023-5267 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41687 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <=Â 2.4.1 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41658 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <=Â 1.0.13 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39308 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <=Â 1.0.7 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5265 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5263 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41666 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <=Â 2.9.9 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5266 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879.📖 Read
via "National Vulnerability Database".
🕴 Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software 🕴
📖 Read
via "Dark Reading".
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.📖 Read
via "Dark Reading".
Dark Reading
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
👍1
🕴 Cybersecurity Gaps Plague US State Department, GAO Report Warns 🕴
📖 Read
via "Dark Reading".
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.📖 Read
via "Dark Reading".
Dark Reading
Cybersecurity Gaps Plague US State Department, GAO Report Warns
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
👍1
‼ CVE-2023-5268 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39410 ‼
📖 Read
via "National Vulnerability Database".
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5273 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5272 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5269 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5271 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5270 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3024 ‼
📖 Read
via "National Vulnerability Database".
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.📖 Read
via "National Vulnerability Database".
🕴 Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain 🕴
📖 Read
via "Dark Reading".
The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.📖 Read
via "Dark Reading".
Dark Reading
Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.
🕴 DHS Calls Into Question Physical Security in Johnson Controls Cyberattack 🕴
📖 Read
via "Dark Reading".
An internal memo notes of DHS floor plans that could have been accessed in the breach.📖 Read
via "Dark Reading".
Dark Reading
ICS/OT Security recent news | Dark Reading
Explore the latest news and expert commentary on ICS/OT Security, brought to you by the editors of Dark Reading
🕴 How Can Your Security Team Help Developers Shift Left? 🕴
📖 Read
via "Dark Reading".
Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.📖 Read
via "Dark Reading".
Dark Reading
How Can Your Security Team Help Developers Shift Left?
Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.