βΌ CVE-2023-44228 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <=Γ 8.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44263 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <=Γ 2.2 versions.π Read
via "National Vulnerability Database".
π΄ Making Sense of Today's Payment Cybersecurity Landscape π΄
π Read
via "Dark Reading".
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.π Read
via "Dark Reading".
Dark Reading
Making Sense of Today's Payment Cybersecurity Landscape
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.
βΌ CVE-2023-5106 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41580 βΌ
π Read
via "National Vulnerability Database".
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.π Read
via "National Vulnerability Database".
π TOR Virtual Network Tunneling Tool 0.4.8.7 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.8.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π jSQL Injection 0.93 π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.93 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βοΈ Donβt Let Zombie Zoom Links Drag You Down βοΈ
π Read
via "Krebs on Security".
Many organizations β including quite a few Fortune 500 firms β have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organizationβs employees, customers or partners to phishing and other social engineering attacks.π Read
via "Krebs on Security".
Krebs on Security
Donβt Let Zombie Zoom Links Drag You Down
Many organizations β including quite a few Fortune 500 firms β have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID numberβ¦
βΌ CVE-2023-4659 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3769 βΌ
π Read
via "National Vulnerability Database".
Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3770 βΌ
π Read
via "National Vulnerability Database".
Γ Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3744 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5290 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10124 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π΄ Iran-Linked APT34 Spy Campaign Targets Saudis π΄
π Read
via "Dark Reading".
The Menorah malware can upload and download files, as well as execute shell commands.π Read
via "Dark Reading".
Dark Reading
Iran-Linked APT34 Spy Campaign Targets Saudis
The Menorah malware can upload and download files, as well as execute shell commands.
π΄ Which DFIR Challenges Does the Middle East Face? π΄
π Read
via "Dark Reading".
Demand for digital forensics and incident response (DFIR) surges in the Middle East, a new IDC report finds. Is automation the answer?π Read
via "Dark Reading".
Dark Reading
Which DFIR Challenges Does the Middle East Face?
Demand for digital forensics and incident response (DFIR) surges in the Middle East, a new IDC report finds. Is automation the answer?
π΄ Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection π΄
π Read
via "Dark Reading".
Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.π Read
via "Dark Reading".
Dark Reading
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection
Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.
π΄ FBI: Crippling 'Dual Ransomware Attacks' on the Rise π΄
π Read
via "Dark Reading".
Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.π Read
via "Dark Reading".
Dark Reading
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
βΌ CVE-2023-37605 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40744 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2023. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0809 βΌ
π Read
via "National Vulnerability Database".
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.π Read
via "National Vulnerability Database".