βΌ CVE-2023-41836 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45268 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=Γ 5.86 versions.π Read
via "National Vulnerability Database".
π΄ Gaza Conflict Paves Way for Pro-Hamas Information Operations π΄
π Read
via "Dark Reading".
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.π Read
via "Dark Reading".
Dark Reading
Gaza Conflict Paves Way for Pro-Hamas Information Operations
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.
π΄ Microsoft Debuts AI Bug-Bounty Program, Offers $15K π΄
π Read
via "Dark Reading".
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.π Read
via "Dark Reading".
Dark Reading
Microsoft Debuts AI Bug-Bounty Program, Offers $15K
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.
π΄ ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic π΄
π Read
via "Dark Reading".
The botnet β built for DDoS, backdooring, and dropping malware β is evading standard URL signature detections with a novel approach.π Read
via "Dark Reading".
Dark Reading
ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
The botnet β built for DDoS, backdooring, and dropping malware β is evading standard URL signature detections with a novel approach involving Hex IP addresses.
βΌ CVE-2023-5449 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitorΓ’β¬β’s Theft Deterrence to be deactivated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4499 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45269 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <=Γ 2.0.23 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40682 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45270 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <=Γ 2.9.9.4.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5409 βΌ
π Read
via "National Vulnerability Database".
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45276 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <=Γ 1.3 versions.π Read
via "National Vulnerability Database".
π΄ Security Pros Warn that EU's Vulnerability Disclosure Rule is Risky π΄
π Read
via "Dark Reading".
The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.π Read
via "Dark Reading".
Dark Reading
Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky
The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.
π΄ Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure π΄
π Read
via "Dark Reading".
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.π Read
via "Dark Reading".
Dark Reading
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
π΄ How MOVEit Is Likely to Shift Cyber Insurance Calculus π΄
π Read
via "Dark Reading".
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.π Read
via "Dark Reading".
Dark Reading
How MOVEit Is Likely to Shift Cyber Insurance Calculus
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.
βΌ CVE-2023-4257 βΌ
π Read
via "National Vulnerability Database".
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45853 βΌ
π Read
via "National Vulnerability Database".
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30148 βΌ
π Read
via "National Vulnerability Database".
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45674 βΌ
π Read
via "National Vulnerability Database".
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30154 βΌ
π Read
via "National Vulnerability Database".
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45852 βΌ
π Read
via "National Vulnerability Database".
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.π Read
via "National Vulnerability Database".