βΌ CVE-2023-4517 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45467 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45466 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45465 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43079 βΌ
π Read
via "National Vulnerability Database".
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.Γ Exploitation may lead to a complete system compromise.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45463 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4995 βΌ
π Read
via "National Vulnerability Database".
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45107 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <=Γ 1.0.22 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39999 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in WordPressΓ from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.π Read
via "National Vulnerability Database".
π΄ What the Hollywood Writers Strike Resolution Means for Cybersecurity π΄
π Read
via "Dark Reading".
The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.π Read
via "Dark Reading".
Dark Reading
What the Hollywood Writers Strike Resolution Means for Cybersecurity
The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.
π Zed Attack Proxy 2.14.0 Cross Platform Package π
π Read
via "Packet Storm Security".
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.π Read
via "Packet Storm Security".
Packetstormsecurity
Zed Attack Proxy 2.14.0 Cross Platform Package β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-45393 βΌ
π Read
via "National Vulnerability Database".
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41680 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41682 βΌ
π Read
via "National Vulnerability Database".
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45267 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <=Γ 2.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41681 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45109 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <=Γ 1.1.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41843 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45391 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33303 βΌ
π Read
via "National Vulnerability Database".
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api requestπ Read
via "National Vulnerability Database".
βΌ CVE-2023-41836 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".