‼ CVE-2023-36555 ‼
An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.
via "National Vulnerability Database".
‼ CVE-2023-33301 ‼
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non-trusted host.
via "National Vulnerability Database".
‼ CVE-2023-34988 ‼
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
via "National Vulnerability Database".
‼ CVE-2022-22298 ‼
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiIsolator versions 1.0.0, 1.1.0, 1.2.0 through 1.2.2, 2.0.0 through 2.0.1, 2.1.0 through 2.1.2, 2.2.0 and 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
via "National Vulnerability Database".
‼ CVE-2020-27631 ‼
In Oryx CycloneTCP 1.9.6, TCP initial sequence numbers (ISNs) are insufficiently random.
via "National Vulnerability Database".
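Why a weak ISN matters: an attacker who can guess the sequence number a server will issue to another host can inject segments into, or spoof, that host's connection without seeing its traffic. The block below is an added example, not CycloneTCP code, and it does not reproduce how CycloneTCP 1.9.6 derived its ISNs. It contrasts a constructed weak generator (global counter plus clock) with the RFC 6528 construction (clock plus a keyed hash of the connection 4-tuple) and runs the check an auditor applies: after observing two ISNs issued to her own address, can the attacker land a guess inside the receive window of a connection to a different address? The addresses, timings and window size are assumptions.

```python
"""TCP initial sequence number (ISN) generation and a predictability check.

Added example; not CycloneTCP code. Contrasts a constructed weak scheme with
the RFC 6528 construction and measures how often an attacker's guess for a
third party's ISN lands within one receive window.
"""
import hashlib
import os
import struct
from socket import inet_aton

MASK = 0xFFFFFFFF
SECRET = os.urandom(16)        # per-boot secret, as RFC 6528 section 3 requires


def weak_isn(counter: int, now_us: int, tuple4) -> int:
    """Constructed weak scheme: a global per-connection counter stepped by
    64000 plus a coarse clock, no secret, no dependence on the 4-tuple.
    Every peer therefore observes the same sequence."""
    return (counter * 64000 + now_us // 4) & MASK


def rfc6528_isn(counter: int, now_us: int, tuple4) -> int:
    """ISN = M + F(local_ip, local_port, remote_ip, remote_port, secret),
    with M a 4-microsecond clock. F is SHA-256 truncated to 32 bits here
    (the RFC's example uses MD5; any keyed PRF serves). ``counter`` is
    accepted only to share a signature with weak_isn and is unused: the
    per-peer offset F, not a shared counter, separates connections."""
    local_ip, local_port, remote_ip, remote_port = tuple4
    material = struct.pack("!4sH4sH", local_ip, local_port, remote_ip, remote_port) + SECRET
    f = struct.unpack("!I", hashlib.sha256(material).digest()[:4])[0]
    return (now_us // 4 + f) & MASK


def within_window(actual: int, guess: int, window: int = 1 << 16) -> bool:
    """A guess is good enough if it lands within one receive window of the
    real ISN in either direction (modulo 2^32)."""
    return ((actual - guess) & MASK) < window or ((guess - actual) & MASK) < window


def prediction_hits(gen, trials: int = 2000) -> int:
    """Attacker model: open two connections from her own address 1 ms apart,
    take the ISN delta as the per-connection step, and guess that the next
    connection (from a victim address, 1 ms later) gets ISN + step.
    Returns how many of ``trials`` victim 4-tuples that guess lands on.
    Addresses are RFC 5737 documentation ranges (constructed sample)."""
    server = inet_aton("198.51.100.1")
    attacker = (server, 80, inet_aton("192.0.2.1"), 40000)
    t0 = 1_000_000
    hits = 0
    for i in range(trials):
        victim = (server, 80, inet_aton("203.0.113.1"), 1024 + i)
        isn1 = gen(1, t0, attacker)
        isn2 = gen(2, t0 + 1000, attacker)
        step = (isn2 - isn1) & MASK
        guess = (isn2 + step) & MASK
        actual = gen(3, t0 + 2000, victim)
        if within_window(actual, guess):
            hits += 1
    return hits


if __name__ == "__main__":
    print("weak scheme hits:", prediction_hits(weak_isn), "/ 2000")
    print("RFC 6528 hits:   ", prediction_hits(rfc6528_isn), "/ 2000")
```

With the weak scheme every trial is a hit, because the ISN sequence is the same for every peer and the step is recoverable from two observations. With RFC 6528 the attacker's step is only the clock advance; the per-4-tuple offset F differs by a pseudorandom 32-bit amount, so a hit within a 64 KiB window happens with probability about 2^17 / 2^32 per trial.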
‼ CVE-2023-42788 ‼
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command.
via "National Vulnerability Database".
‼ CVE-2023-42782 ‼
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer given knowledge of an authorized device serial number.
via "National Vulnerability Database".
‼ CVE-2023-36548 ‼
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
via "National Vulnerability Database".
‼ CVE-2023-5492 ‼
A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-5493 ‼
A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
‼ CVE-2023-5494 ‼
A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
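Several of the entries above (FortiWLM CVE-2023-34988 and CVE-2023-36548, FortiIsolator CVE-2022-22298, FortiManager/FortiAnalyzer CVE-2023-42788, and the Baichuo /log/download.php `file` argument in CVE-2023-5494) are the same bug class: a request parameter reaches a shell. The block below is an added example, not code from any of those products and not a reproduction of any of them. It shows the anti-pattern, a log-download handler that interpolates the `file` parameter into a shell string, next to a hardened form that validates the name, confines it to a directory and passes it as a single argv element with no shell; the directory, names and regex are assumptions. A small metacharacter check for triaging request logs is included.

```python
"""OS command injection: a log-download handler that shells out.

Added example; not the code of any product named on the page. The handler
shape (a ``file`` parameter naming a log to return) only loosely mirrors the
/log/download.php description; LOG_DIR, SAFE_NAME and the sample inputs are
assumptions.
"""
import re
import subprocess
from pathlib import Path

LOG_DIR = Path("/var/log/app")                    # assumed location
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")  # assumed naming policy
SHELL_META = re.compile(r"[;&|`$(){}<>\n\s]")


def build_command_vulnerable(file_param: str) -> str:
    """Anti-pattern: the request parameter is spliced into a shell string.

    Anything the shell treats specially in ``file_param`` (';', '|', '$(...)',
    backticks, newlines) becomes part of the command, so a request such as
    file=app.log;id runs ``id`` as the web server's user. Returned rather than
    executed here so the demo never spawns a shell.
    """
    return f"cat {LOG_DIR}/{file_param}"


def build_argv_safe(file_param: str) -> list:
    """Hardened form: allowlist the name, confine it to LOG_DIR, and return an
    argv list for subprocess with shell=False so the name is one argument
    that is never re-parsed."""
    if not SAFE_NAME.match(file_param):
        raise ValueError(f"rejected log name: {file_param!r}")
    target = (LOG_DIR / file_param).resolve()
    # The regex admits '.' and '..'; resolve() plus the ancestry check catches
    # those and any symlink inside LOG_DIR that points outside it.
    if LOG_DIR.resolve() not in target.parents:
        raise ValueError("path escapes log directory")
    return ["cat", str(target)]


def read_log_safe(file_param: str) -> str:
    """Execute the hardened command; no shell is involved."""
    return subprocess.run(build_argv_safe(file_param), capture_output=True,
                          text=True, check=True).stdout


def is_shell_injection(file_param: str) -> bool:
    """Cheap detector for request-log triage: does the parameter carry any
    shell metacharacter or whitespace? Flags the payload shape, not the bug."""
    return SHELL_META.search(file_param) is not None


if __name__ == "__main__":
    print(build_command_vulnerable("app.log;id"))       # the injected 'id' survives
    print(build_argv_safe("app.log"))                   # ['cat', '/var/log/app/app.log']
    print(is_shell_injection("app.log;id"), is_shell_injection("app.log"))
```

The fix is not escaping: it is never handing attacker-controlled bytes to a shell at all, and validating the name against what the application actually expects before using it as a path.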
‼ CVE-2023-5495 ‼
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to SQL injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
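The argument names in this entry are worth a closer look: the client supplies both the column to search (`searchfield`) and the value (`searchvalue`). A column name cannot be bound as a query parameter, so parameterization alone does not close this hole; the field needs an allowlist. The block below is an added example, not QDocs Smart School code; the table, columns, rows and SQLite backend are constructed for the demo. It shows the spliced-string query beside a hardened one and, as a second point the entry does not spell out, escapes LIKE wildcards so a user cannot widen the match with `%`.

```python
"""SQL injection in a 'filter records' search where the client picks the column.

Added example; not QDocs Smart School code. Schema, rows and field names are
constructed. Run directly to see the three outcomes printed.
"""
import sqlite3

ALLOWED_FIELDS = {"title", "description", "instructor"}   # assumed schema

_ROWS = [                                                 # constructed sample data
    ("Algebra I", "Intro algebra", "Doe"),
    ("Biology", "Cells and genetics", "Roe"),
    ("Chemistry", "Reactions", "Poe"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite fixture with the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE courses (title TEXT, description TEXT, instructor TEXT)")
    con.executemany("INSERT INTO courses VALUES (?, ?, ?)", _ROWS)
    return con


def filter_records_vulnerable(con: sqlite3.Connection, field: str, value: str) -> list:
    """Anti-pattern: both the column name and the value are spliced into SQL.
    value = ' OR '1'='1 or field = 1=1 OR title each return every row."""
    sql = f"SELECT title FROM courses WHERE {field} LIKE '%{value}%'"
    return con.execute(sql).fetchall()


def filter_records_safe(con: sqlite3.Connection, field: str, value: str) -> list:
    """Hardened form. The column name goes through an allowlist because it
    cannot be a bound parameter; the value is bound with '?'; and '%', '_'
    and the escape character in the value are escaped so user input cannot
    act as a wildcard."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unknown search field {field!r}")
    escaped = value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = f"SELECT title FROM courses WHERE {field} LIKE ? ESCAPE '\\'"
    return con.execute(sql, (f"%{escaped}%",)).fetchall()


if __name__ == "__main__":
    con = make_db()
    print(filter_records_vulnerable(con, "title", "' OR '1'='1"))   # all three rows
    print(filter_records_vulnerable(con, "1=1 OR title", "zzz"))    # all three rows
    print(filter_records_safe(con, "title", "' OR '1'='1"))         # []
```

In the hardened version the only thing the client can still choose freely is the value, and that value is bound, so it can never change the shape of the query.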
‼ CVE-2023-44996 ‼
Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.
via "National Vulnerability Database".
‼ CVE-2023-5496 ‼
A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
🕴 Hackers For Hire Hit Both Sides in Israel-Hamas Conflict 🕴
DDoS for hire and live attacks hit both sides as cyber campaigns continue.
via "Dark Reading".
🕴 Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event 🕴
Ongoing Rapid Reset DDoS flood attacks mean exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.
via "Dark Reading".
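Patching is the fix, but while servers are being updated it helps to be able to see the attack in traffic. Rapid Reset works by opening an HTTP/2 stream with HEADERS and cancelling it with RST_STREAM almost immediately: the reset frees the stream's slot under the concurrent-stream limit before the server has finished the work the request already triggered, so the limit no longer caps work per connection. The block below is an added example, not code from Dark Reading or from any affected project. It runs a detector over a constructed frame log of (time, connection, stream, frame type) records, the shape a proxy or capture tool might emit; that record shape, the 50 ms "fast reset" bound and the per-connection threshold are assumptions to tune locally.

```python
"""Rapid Reset (CVE-2023-44487) indicator over an HTTP/2 frame log.

Added example; not code from Dark Reading or any affected project. Input is
a sequence of (time_s, conn_id, stream_id, frame_type) records; the record
shape, max_age_s and threshold are assumptions.
"""
from collections import defaultdict

HEADERS, RST_STREAM = "HEADERS", "RST_STREAM"


def fast_reset_counts(frames, max_age_s=0.05):
    """Map conn_id -> number of client streams opened with HEADERS and then
    cancelled with RST_STREAM within max_age_s of being opened.

    Resets that arrive later than max_age_s are treated as ordinary client
    cancellations and not counted, which is what separates a user closing a
    tab from the attack pattern."""
    opened = {}                          # (conn_id, stream_id) -> open time
    counts = defaultdict(int)
    for t, conn, stream, ftype in frames:
        key = (conn, stream)
        if ftype == HEADERS and stream % 2 == 1:   # client-initiated streams are odd
            opened.setdefault(key, t)
        elif ftype == RST_STREAM and key in opened:
            if t - opened.pop(key) <= max_age_s:
                counts[conn] += 1
    return dict(counts)


def flag_connections(frames, threshold=100, max_age_s=0.05):
    """Connections whose fast-reset count reaches the threshold, sorted."""
    counts = fast_reset_counts(frames, max_age_s)
    return sorted(c for c, n in counts.items() if n >= threshold)


def sample_frames():
    """Constructed sample: a normal client (c1) that cancels one request after
    300 ms, and an attacker (c2) that opens and resets 300 streams 1 ms apart."""
    frames = [
        (0.0, "c1", 1, HEADERS),
        (0.3, "c1", 1, RST_STREAM),      # user-initiated cancel: slow, not counted
    ]
    for i in range(1, 5):
        frames.append((0.5 * i, "c1", 2 * i + 1, HEADERS))
    for i in range(300):
        sid = 2 * i + 1
        frames.append((0.001 * i, "c2", sid, HEADERS))
        frames.append((0.001 * i + 0.0005, "c2", sid, RST_STREAM))
    return frames


if __name__ == "__main__":
    print(fast_reset_counts(sample_frames()))   # {'c2': 300}
    print(flag_connections(sample_frames()))    # ['c2']
```

A server-side response to a flagged connection is to send GOAWAY and close it; the count, not the request rate, is the signal, because each attack request may be cancelled before it ever produces a response that rate limiters would see.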
‼ CVE-2023-36729 ‼
Named Pipe File System Elevation of Privilege Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-36565 ‼
Microsoft Office Graphics Elevation of Privilege Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-36902 ‼
Windows Runtime Remote Code Execution Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-36414 ‼
Azure Identity SDK Remote Code Execution Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-35349 ‼
Microsoft Message Queuing Remote Code Execution Vulnerability
via "National Vulnerability Database".