πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25K subscribers
88.4K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5587 β€Ό

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
545 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5590 β€Ό

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

πŸ“– Read

via "National Vulnerability Database".
525 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48612 β€Ό

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.

πŸ“– Read

via "National Vulnerability Database".
496 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5591 β€Ό

SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.

πŸ“– Read

via "National Vulnerability Database".
481 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40377 β€Ό

Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.

πŸ“– Read

via "National Vulnerability Database".
519 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40790 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
499 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33836 β€Ό

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.

πŸ“– Read

via "National Vulnerability Database".
518 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-43666 β€Ό

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,Γ‚ General user can view all user data like Admin account.Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.[1]Γ‚  https://github.com/apache/inlong/pull/8623

πŸ“– Read

via "National Vulnerability Database".
509 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-45273 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <=Γ‚ 1.2.3 versions.

πŸ“– Read

via "National Vulnerability Database".
503 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-45274 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <=Γ‚ 1.3.1 versions.

πŸ“– Read

via "National Vulnerability Database".
467 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36953 β€Ό

TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.

πŸ“– Read

via "National Vulnerability Database".
417 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4834 β€Ό

In Red Lion EuropeΓ‚ mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 anΓ‚ improperly implemented access validation allows an authenticated, low privilegedΓ‚ attacker to gain read access to limited, non-critical device information in his account he should not have access to.

πŸ“– Read

via "National Vulnerability Database".
449 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36950 β€Ό

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

πŸ“– Read

via "National Vulnerability Database".
475 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3392 β€Ό

The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

πŸ“– Read

via "National Vulnerability Database".
491 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ How Data Changes the Cyber-Insurance Market Outlook πŸ•΄

By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.

πŸ“– Read

via "Dark Reading".
Dark Reading
How Data Changes the Cyber-Insurance Market Outlook
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.
512 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-44987 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <=Γ‚ 2.0.2 versions.

πŸ“– Read

via "National Vulnerability Database".
461 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46066 β€Ό

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay Γ’β‚¬β€œ Media Library Folders plugin <=Γ‚ 1.6 versions.

πŸ“– Read

via "National Vulnerability Database".
445 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  jSQL Injection 0.95 πŸ› 

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

πŸ“– Read

via "Packet Storm Security".
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
446 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Falco 0.36.1 πŸ› 

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Falco 0.36.1 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
492 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5575 β€Ό

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.

πŸ“– Read

via "National Vulnerability Database".
423 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46087 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page Γ’β‚¬β€œ Hit Counter plugin <=Γ‚ 1.4.14.3 versions.

πŸ“– Read

via "National Vulnerability Database".
388 views