CVE-2023-43877
via "National Vulnerability Database".
Rite CMS 3.0 has multiple cross-site scripting (XSS) vulnerabilities that let an attacker run arbitrary script in a victim's browser via a payload crafted in the Home Page fields of the Administration menu.
CVE-2023-35803
via "National Vulnerability Database".
IQ Engine before 10.6r2 on Extreme Network AP devices has a buffer overflow.
CVE-2023-43321
via "National Vulnerability Database".
A file upload vulnerability in Digital China Networks DCFW-1800-SDC v3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.
CVE-2023-40299
via "National Vulnerability Database".
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable to load a library into the signed application. An app built with the hardened runtime ignores that variable unless it carries an entitlement that re-allows dyld environment variables or disables library validation, so checking the app's entitlements is the quickest way to confirm exposure.
Insurance Companies Have a Lot to Lose in Cyberattacks
via "Dark Reading".
Not only do insurance companies collate sensitive information from their clients, but they also generate their own corporate data to protect.
CVE-2023-26239
via "National Vulnerability Database".
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.
CVE-2023-26236
via "National Vulnerability Database".
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a local privilege escalation on Windows by sending a crafted message to a named pipe.
CVE-2023-26238
via "National Vulnerability Database".
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe.
CVE-2023-26237
via "National Vulnerability Database".
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.
CVE-2023-45159
via "National Vulnerability Database".
The 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction that points to a protected directory in the installer, which the 1E Client would then clear on service startup. A hotfix, Q23092, is available that forces the 1E Client to check for a symbolic link or junction and, if it finds one, refuse to use that path and instead create a path involving a random GUID.
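The hotfix behaviour described above (check the path for a symbolic link or junction, refuse it, and fall back to a random-GUID directory) as an added example that is not 1E's code: a Python sketch of a service clearing its work directory under a trusted base directory. The base path, the directory name and the `choose_work_dir` / `clear_work_dir` names are assumptions for illustration; the junction check relies on the Windows reparse-point attribute, which Python exposes through `os.lstat` and `stat.FILE_ATTRIBUTE_REPARSE_POINT`, and on plain `S_ISLNK` everywhere else.

```python
import os
import shutil
import stat
import uuid
from pathlib import Path


def is_symlink_or_reparse_point(path: Path) -> bool:
    """True if `path` itself (not what it points to) is a symbolic link or,
    on Windows, any reparse point such as a directory junction."""
    try:
        st = os.lstat(path)  # lstat never follows the link
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return True
    # Junctions are reparse points but are not S_ISLNK; st_file_attributes
    # exists only on Windows, so default to 0 elsewhere.
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def _fresh_dir(base: Path) -> Path:
    """Create and return base/<random GUID>, a name an attacker cannot pre-plant."""
    fallback = base / str(uuid.uuid4())
    fallback.mkdir(mode=0o700)
    return fallback


def choose_work_dir(base: Path, name: str) -> Path:
    """Return a directory under the trusted `base` that is safe to clear.

    Every component between `base` and `base/name` is inspected with lstat; if
    any of them is a link or junction, or the final component is not a plain
    directory, the requested path is refused and a fresh GUID-named directory
    is created instead (the behaviour the hotfix text describes).
    `name` is assumed to be a relative path (hypothetical service layout).
    """
    candidate = base / name
    probe = base
    for part in candidate.relative_to(base).parts:
        probe = probe / part
        if is_symlink_or_reparse_point(probe):
            return _fresh_dir(base)
    if candidate.exists() and not candidate.is_dir():
        return _fresh_dir(base)
    candidate.mkdir(mode=0o700, parents=True, exist_ok=True)
    return candidate


def clear_work_dir(base: Path, name: str) -> Path:
    """Empty the service's work directory at startup, refusing redirected paths.

    Links found inside the directory are unlinked, never followed, so a link
    planted inside the directory cannot steer the deletion elsewhere either.
    """
    target = choose_work_dir(base, name)
    for child in target.iterdir():
        if is_symlink_or_reparse_point(child):
            child.unlink()
        elif child.is_dir():
            shutil.rmtree(child)
        else:
            child.unlink()
    return target
```

A check-then-delete sequence still leaves a window in which the directory can be swapped for a link between the `lstat` and the deletion; opening the directory handle with `FILE_FLAG_OPEN_REPARSE_POINT` (or `O_NOFOLLOW` on POSIX) and deleting relative to that handle narrows it, and the random-GUID fallback removes the attacker's ability to pre-create the name at all.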
CVE-2022-4145
via "National Vulnerability Database".
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
Could Cybersecurity Breaches Become Harmless in the Future?
via "Dark Reading".
With these five steps, organizations can develop stronger security practices and make the inevitable breaches inconsequential.
Wireshark Analyzer 4.0.10
via "Packet Storm Security".
Wireshark is a network protocol analyzer that lets you capture and interactively browse the contents of network frames (the GTK+ front end mentioned in older descriptions has been replaced by a Qt one). The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
jSQL Injection 0.94
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions such as Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit
via "Dark Reading".
Patch now: the Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.
CVE-2023-44390
via "National Vulnerability Database".
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents of constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` is in the list of allowed elements. If an application sanitizes user input with such a configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. The default configuration does not allow foreign content and is not affected. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).
CVE-2022-3248
via "National Vulnerability Database".
A flaw was found in the OpenShift API: admission checks do not enforce "custom-host" permissions. This could allow an attacker to violate the boundaries those permissions are meant to enforce, since they are not applied.
Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid
via "Dark Reading".
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long: it's been chugging along, spreading ransomware, despite a massive takedown in August.
CVE-2023-40745
via "National Vulnerability Database".
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.
CVE-2023-4401
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS command injection vulnerability in the CLI's use of the 'more' command. A local or remote authenticated attacker could potentially exploit this vulnerability to gain root-level access.
CVE-2023-5423
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. It affects unknown code in the file /admin/ajax.php?action=confirm_order. Manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384.
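The injection sink described above, as an added example that is not the SourceCodester application's code: a Python/SQLite sketch with a constructed `orders` table showing the vulnerable string-spliced query beside a parameterized one. The table layout, the `status` column and the `confirm_order_unsafe` / `confirm_order_safe` names are assumptions for illustration; the real PHP code and schema are not known from the advisory.

```python
import sqlite3

# Constructed stand-in for the application's orders table (not the real schema).
SCHEMA = """
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT);
INSERT INTO orders VALUES (1, 'alice', 'pending'),
                          (2, 'bob',   'pending'),
                          (3, 'carol', 'pending');
"""


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database seeded with three pending orders."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def confirm_order_unsafe(conn: sqlite3.Connection, order_id: str) -> int:
    """The vulnerable shape: the request parameter is spliced into the SQL text.

    Returns the number of rows changed. An id of "1 OR 1=1" turns the WHERE
    clause into a tautology and confirms every order in the table.
    """
    sql = f"UPDATE orders SET status = 'confirmed' WHERE id = {order_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def confirm_order_safe(conn: sqlite3.Connection, order_id: str) -> int:
    """Hardened shape: validate the type, then bind the value as a parameter.

    Binding is the real defence (the driver never lets the value reach the
    SQL parser); the integer check is defence in depth and turns junk input
    into a clean error instead of a query that silently matches nothing.
    """
    try:
        oid = int(order_id)
    except (TypeError, ValueError):
        raise ValueError("order id must be an integer") from None
    cur = conn.execute(
        "UPDATE orders SET status = 'confirmed' WHERE id = ?", (oid,)
    )
    if cur.rowcount == 0:  # primary-key match: exactly one row or none
        raise LookupError(f"no such order: {oid}")
    conn.commit()
    return cur.rowcount


def confirmed_ids(conn: sqlite3.Connection) -> list:
    """Which orders are confirmed now (used to observe the blast radius)."""
    rows = conn.execute(
        "SELECT id FROM orders WHERE status = 'confirmed' ORDER BY id"
    )
    return [row[0] for row in rows]
```

Running `confirm_order_unsafe(new_db(), "1 OR 1=1")` confirms all three orders, while the parameterized version rejects the same string before it reaches the database; the affected-row count is also worth logging in the real handler, since a confirm action that touches more than one row is itself a usable detection signal.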