Cybersecurity & Privacy - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-39645 ‼

Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.

via "National Vulnerability Database".
‼ CVE-2023-43176 ‼

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

via "National Vulnerability Database".
‼ CVE-2023-43953 ‼

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.

via "National Vulnerability Database".
‼ CVE-2023-33270 ‼

An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).

via "National Vulnerability Database".
‼ CVE-2023-43898 ‼

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

via "National Vulnerability Database".
‼ CVE-2023-40519 ‼

A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter.

via "National Vulnerability Database".
‼ CVE-2023-33268 ‼

An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).

via "National Vulnerability Database".
‼ CVE-2023-44973 ‼

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

via "National Vulnerability Database".
‼ CVE-2023-33271 ‼

An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).

via "National Vulnerability Database".
‼ CVE-2023-33273 ‼

An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).

via "National Vulnerability Database".
‼ CVE-2023-43951 ‼

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.

via "National Vulnerability Database".
‼ CVE-2023-43952 ‼

SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.

via "National Vulnerability Database".
‼ CVE-2023-33269 ‼

An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).

via "National Vulnerability Database".
‼ CVE-2023-40830 ‼

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.

via "National Vulnerability Database".
‼ CVE-2023-44974 ‼

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

via "National Vulnerability Database".
🕴 Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US 🕴

Russian hacktivist attacks are mostly for show, but sometimes they cause serious damage and are poised to begin getting worse.

via "Dark Reading".
‼ CVE-2023-39648 ‼

Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

via "National Vulnerability Database".
‼ CVE-2023-39647 ‼

Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

via "National Vulnerability Database".
‼ CVE-2023-39651 ‼

Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

via "National Vulnerability Database".
‼ CVE-2023-39646 ‼

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

via "National Vulnerability Database".