CVE-2023-44144
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions.
via "National Vulnerability Database".
CVE-2023-44239
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions.
via "National Vulnerability Database".
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions.
via "National Vulnerability Database".
CVE-2023-44265
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
via "National Vulnerability Database".
CVE-2023-3768
Incorrect input validation vulnerability that could allow an attacker with network access to fuzz the MMS protocol during connection setup, learn which specially crafted packets trigger a denial-of-service condition, and cause a complete reboot of the device and its services.
via "National Vulnerability Database".
CVE-2023-44230
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
via "National Vulnerability Database".
CVE-2023-5160
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
via "National Vulnerability Database".
CVE-2023-44262
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.
via "National Vulnerability Database".
CVE-2023-44242
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions.
via "National Vulnerability Database".
CVE-2023-44228
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.
via "National Vulnerability Database".
CVE-2023-44263
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions.
via "National Vulnerability Database".
Making Sense of Today's Payment Cybersecurity Landscape
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.
via "Dark Reading".
CVE-2023-5106
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.
via "National Vulnerability Database".
CVE-2023-41580
Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.
via "National Vulnerability Database".
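The phpIPAM entry above describes a search filter assembled from a request parameter that is never escaped. The following is an added example, not phpIPAM's code: the sample directory, the attribute names and the small filter evaluator are constructed for illustration. It shows how an unescaped value lets the caller append a second assertion (here on userPassword) and turn a display-name lookup into a character-by-character oracle, and how RFC 4515 escaping reduces the parameter to a literal string.

```python
# Added example, not phpIPAM's code. Shows LDAP filter injection through an
# unescaped search parameter and the RFC 4515 escaping that prevents it.
# The directory contents, attribute names and the small filter evaluator
# are constructed for illustration only.
import re

# Constructed sample directory: each entry maps attribute -> list of values.
DIRECTORY = [
    {"dn": "cn=alice,ou=people,dc=example,dc=org", "objectClass": ["user"],
     "displayName": ["Alice"], "userPassword": ["s3cret"]},
    {"dn": "cn=bob,ou=people,dc=example,dc=org", "objectClass": ["user"],
     "displayName": ["Bob"], "userPassword": ["hunter2"]},
]


def escape_ldap_filter(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515 section 3)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_filter_vulnerable(dname: str) -> str:
    # Plain concatenation: the caller controls filter syntax, not just a value.
    return f"(&(objectClass=user)(displayName={dname}))"


def build_filter_safe(dname: str) -> str:
    # Same lookup, but the parameter can only ever be a literal string.
    return f"(&(objectClass=user)(displayName={escape_ldap_filter(dname)}))"


def _value_pattern(raw: str):
    """Turn an assertion value into a regex: '*' is a wildcard, '\\xx' a literal."""
    parts, i = [], 0
    while i < len(raw):
        if raw[i] == "\\":                       # \2a etc.: one escaped byte
            parts.append(re.escape(chr(int(raw[i + 1:i + 3], 16))))
            i += 3
        elif raw[i] == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(raw[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def parse_filter(s: str, i: int = 0):
    """Parse the (&...), (|...) and (attr=value) subset of RFC 4515 filters."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse_filter(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("unclosed filter list")
        return (op, kids), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)
    return ("=", s[i:eq], s[eq + 1:close]), close + 1


def matches(node, entry) -> bool:
    """Evaluate a parsed filter against one directory entry."""
    if node[0] == "&":
        return all(matches(n, entry) for n in node[1])
    if node[0] == "|":
        return any(matches(n, entry) for n in node[1])
    _, attr, raw = node
    pat = _value_pattern(raw)
    return any(pat.match(v) for v in entry.get(attr, []))


def search(filter_str: str, directory=DIRECTORY):
    """Evaluate a filter over the sample directory; returns matching DNs."""
    node, end = parse_filter(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return [e["dn"] for e in directory if matches(node, e)]


if __name__ == "__main__":
    probe = "*)(userPassword=s*"   # closes displayName, adds a second assertion
    print(search(build_filter_vulnerable(probe)))   # only alice: her password starts with 's'
    print(search(build_filter_safe(probe)))         # []: the probe is just a literal name
```

With the vulnerable builder the probe becomes `(&(objectClass=user)(displayName=*)(userPassword=s*))`, and whether a result comes back leaks one character of a password per request; with escaping the same input is `displayName=\2a\29\28userPassword=s\2a`, which matches nothing. The same escaping applies to any attacker-influenced value placed in a filter, not only this parameter.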
TOR Virtual Network Tunneling Tool 0.4.8.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
via "Packet Storm Security".
jSQL Injection 0.93
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
via "Packet Storm Security".
Don't Let Zombie Zoom Links Drag You Down
Many organizations, including quite a few Fortune 500 firms, have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization's employees, customers or partners to phishing and other social engineering attacks.
via "Krebs on Security".
CVE-2023-4659
Cross-Site Request Forgery vulnerability whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application.
via "National Vulnerability Database".
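The entry above describes two failures at once: the anti-CSRF token doubles as a role label, and requests with no token at all are still processed. The following is an added example, not the affected product's code: a per-session token minted as nonce plus HMAC over a server-side key, checked in constant time, with the admin decision taken from the server-side session rather than from anything in the request. The endpoint name and session handling are assumed for illustration.

```python
# Added example, not the affected product's code. Shows a CSRF token that is
# a per-session secret rather than a role label, so that neither an absent
# token nor a guessable literal such as "admin" is accepted.
import hashlib
import hmac
import secrets

# Server-side key; generated at startup here for the example. In a real
# deployment it is loaded from configuration and shared by all workers.
_KEY = secrets.token_bytes(32)

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Mint a token bound to this session: nonce + HMAC(key, session:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token) -> bool:
    """True only for a token minted by issue_csrf_token for this session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False                      # absent, empty or malformed: reject
    nonce, mac = token.split(".")
    expected = hmac.new(_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison


def authorize_user_admin(session_id: str, role: str, method: str, token) -> bool:
    """Gate for create/modify/delete-user actions (endpoint assumed for the example).

    The role comes from the server-side session, never from the request, and
    every state-changing method must carry a valid token. GET and HEAD pass
    without a token only because they must not change state; an application
    that creates or deletes users on GET cannot be protected by any token.
    """
    if role != "admin":
        return False
    if method.upper() in STATE_CHANGING:
        return verify_csrf_token(session_id, token)
    return method.upper() in {"GET", "HEAD"}


if __name__ == "__main__":
    tok = issue_csrf_token("sess-1")
    print(authorize_user_admin("sess-1", "admin", "DELETE", tok))      # True
    print(authorize_user_admin("sess-1", "admin", "DELETE", "admin"))  # False
    print(authorize_user_admin("sess-1", "admin", "POST", None))       # False
```

Binding the MAC to the session id means a token captured from one session is useless in another, and because the token never encodes a role there is nothing for an attacker to "change to admin".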
CVE-2023-3769
Incorrect input validation vulnerability that could allow an attacker with network access to fuzz the MMS protocol during connection setup, learn which specially crafted packets trigger a denial-of-service condition, and cause a complete reboot of the device and its services.
via "National Vulnerability Database".
CVE-2023-3770
Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.
via "National Vulnerability Database".
CVE-2023-3744
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.
via "National Vulnerability Database".