βΌ CVE-2023-45273 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <=Γ 1.2.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45274 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <=Γ 1.3.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36953 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4834 βΌ
π Read
via "National Vulnerability Database".
In Red Lion EuropeΓ mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 anΓ improperly implemented access validation allows an authenticated, low privilegedΓ attacker to gain read access to limited, non-critical device information in his account he should not have access to.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36950 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3392 βΌ
π Read
via "National Vulnerability Database".
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.π Read
via "National Vulnerability Database".
π΄ How Data Changes the Cyber-Insurance Market Outlook π΄
π Read
via "Dark Reading".
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.π Read
via "Dark Reading".
Dark Reading
How Data Changes the Cyber-Insurance Market Outlook
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.
βΌ CVE-2023-44987 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <=Γ 2.0.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46066 βΌ
π Read
via "National Vulnerability Database".
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay Γ’β¬β Media Library Folders plugin <=Γ 1.6 versions.π Read
via "National Vulnerability Database".
π jSQL Injection 0.95 π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.π Read
via "Packet Storm Security".
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π Falco 0.36.1 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.36.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-5575 βΌ
π Read
via "National Vulnerability Database".
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46087 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page Γ’β¬β Hit Counter plugin <=Γ 1.4.14.3 versions.π Read
via "National Vulnerability Database".
π΄ Pro-Israeli Hacktivist Group Predatory Sparrow Reappears π΄
π Read
via "Dark Reading".
It's been a year since its last communication and attack on Iran β but the conflict with Hamas appears to have reactivated the group.π Read
via "Dark Reading".
Dark Reading
Pro-Israeli Hacktivist Group 'Predatory Sparrow' Reappears
It's been a year since its last communication and attack on Iran β but the conflict with Hamas appears to have reactivated the group.
π΄ Name That Toon: Modern Monarchy π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Modern Monarchy
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2023-45685 βΌ
π Read
via "National Vulnerability Database".
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversalπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45689 βΌ
π Read
via "National Vulnerability Database".
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversalπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20198 βΌ
π Read
via "National Vulnerability Database".
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisoryΓ Cisco will provide updates on the status of this investigation and when a software patch is available.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45688 βΌ
π Read
via "National Vulnerability Database".
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" commandπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45687 βΌ
π Read
via "National Vulnerability Database".
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosingπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45686 βΌ
π Read
via "National Vulnerability Database".
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversalπ Read
via "National Vulnerability Database".