‼ CVE-2023-36548 ‼
📖 Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5492 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5493 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5494 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5495 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44996 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <=Â 1.8.2 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5496 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.📖 Read
via "National Vulnerability Database".
🕴 Hackers For Hire Hit Both Sides in Israel-Hamas Conflict 🕴
📖 Read
via "Dark Reading".
DDoS for hire and live attacks hit both sides as cyber campaigns continue.📖 Read
via "Dark Reading".
Dark Reading
Hackers for Hire Hit Both Sides in Israel-Hamas Conflict
DDoS for hire and live attacks hit both sides as cyber campaigns continue.
🕴 Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event 🕴
📖 Read
via "Dark Reading".
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.📖 Read
via "Dark Reading".
Dark Reading
Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.
‼ CVE-2023-36729 ‼
📖 Read
via "National Vulnerability Database".
Named Pipe File System Elevation of Privilege Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36565 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Office Graphics Elevation of Privilege Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36902 ‼
📖 Read
via "National Vulnerability Database".
Windows Runtime Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36414 ‼
📖 Read
via "National Vulnerability Database".
Azure Identity SDK Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35349 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Message Queuing Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36592 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Message Queuing Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36435 ‼
📖 Read
via "National Vulnerability Database".
Microsoft QUIC Denial of Service Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36417 ‼
📖 Read
via "National Vulnerability Database".
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36415 ‼
📖 Read
via "National Vulnerability Database".
Azure Identity SDK Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36429 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36564 ‼
📖 Read
via "National Vulnerability Database".
Windows Search Security Feature Bypass Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36561 ‼
📖 Read
via "National Vulnerability Database".
Azure DevOps Server Elevation of Privilege Vulnerability📖 Read
via "National Vulnerability Database".