🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 'Operation Jacana' Reveals DinodasRAT Custom Backdoor 🕴

The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.

via "Dark Reading".
CVE-2023-5441

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

via "National Vulnerability Database".
CVE-2023-40920

Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().

via "National Vulnerability Database".
CVE-2023-44024

SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.

via "National Vulnerability Database".
CVE-2023-39323

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

via "National Vulnerability Database".
CVE-2023-43981

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.

via "National Vulnerability Database".
CVE-2023-43284

An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.

via "National Vulnerability Database".
CVE-2023-43983

Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

via "National Vulnerability Database".
CVE-2023-40556

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

via "National Vulnerability Database".
CVE-2023-45245

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.

via "National Vulnerability Database".
CVE-2023-4530

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1.

via "National Vulnerability Database".
CVE-2023-44758

GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.

via "National Vulnerability Database".
CVE-2023-4469

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

via "National Vulnerability Database".
CVE-2023-45244

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895.

via "National Vulnerability Database".
CVE-2023-45246

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343.

via "National Vulnerability Database".
CVE-2023-44771

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.

via "National Vulnerability Database".
CVE-2023-40008

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

via "National Vulnerability Database".
CVE-2023-27448

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.

via "National Vulnerability Database".
CVE-2023-44765

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.

via "National Vulnerability Database".
CVE-2022-47175

Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.

via "National Vulnerability Database".
CVE-2023-44764

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.

via "National Vulnerability Database".