βΌ CVE-2023-45107 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <=Γ 1.0.22 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39999 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in WordPressΓ from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.π Read
via "National Vulnerability Database".
π΄ What the Hollywood Writers Strike Resolution Means for Cybersecurity π΄
π Read
via "Dark Reading".
The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.π Read
via "Dark Reading".
Dark Reading
What the Hollywood Writers Strike Resolution Means for Cybersecurity
The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.
π Zed Attack Proxy 2.14.0 Cross Platform Package π
π Read
via "Packet Storm Security".
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.π Read
via "Packet Storm Security".
Packetstormsecurity
Zed Attack Proxy 2.14.0 Cross Platform Package β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-45393 βΌ
π Read
via "National Vulnerability Database".
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41680 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41682 βΌ
π Read
via "National Vulnerability Database".
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45267 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <=Γ 2.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41681 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45109 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <=Γ 1.1.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41843 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45391 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33303 βΌ
π Read
via "National Vulnerability Database".
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api requestπ Read
via "National Vulnerability Database".
βΌ CVE-2023-41836 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45268 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=Γ 5.86 versions.π Read
via "National Vulnerability Database".
π΄ Gaza Conflict Paves Way for Pro-Hamas Information Operations π΄
π Read
via "Dark Reading".
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.π Read
via "Dark Reading".
Dark Reading
Gaza Conflict Paves Way for Pro-Hamas Information Operations
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.
π΄ Microsoft Debuts AI Bug-Bounty Program, Offers $15K π΄
π Read
via "Dark Reading".
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.π Read
via "Dark Reading".
Dark Reading
Microsoft Debuts AI Bug-Bounty Program, Offers $15K
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.
π΄ ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic π΄
π Read
via "Dark Reading".
The botnet β built for DDoS, backdooring, and dropping malware β is evading standard URL signature detections with a novel approach.π Read
via "Dark Reading".
Dark Reading
ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
The botnet β built for DDoS, backdooring, and dropping malware β is evading standard URL signature detections with a novel approach involving Hex IP addresses.
βΌ CVE-2023-5449 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitorΓ’β¬β’s Theft Deterrence to be deactivated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4499 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45269 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <=Γ 2.0.23 versions.π Read
via "National Vulnerability Database".