🕴 Legions of Critical Infrastructure Devices Subject to Cyber Targeting 🕴
📖 Read
via "Dark Reading".
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.📖 Read
via "Dark Reading".
Dark Reading
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.
🕴 'Operation Jacana' Reveals DinodasRAT Custom Backdoor 🕴
📖 Read
via "Dark Reading".
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.📖 Read
via "Dark Reading".
Dark Reading
'Operation Jacana' Reveals DinodasRAT Custom Backdoor
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.
‼ CVE-2023-5441 ‼
📖 Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40920 ‼
📖 Read
via "National Vulnerability Database".
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44024 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39323 ‼
📖 Read
via "National Vulnerability Database".
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43981 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43284 ‼
📖 Read
via "National Vulnerability Database".
An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43983 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40556 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <=Â 5.2 versions.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-45245 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4530 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44758 ‼
📖 Read
via "National Vulnerability Database".
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4469 ‼
📖 Read
via "National Vulnerability Database".
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45244 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45246 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44771 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40008 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=Â 2.3.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27448 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <=Â 2.8.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44765 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47175 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <=Â 1.3.75 versions.📖 Read
via "National Vulnerability Database".