βΌ CVE-2023-36950 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3392 βΌ
π Read
via "National Vulnerability Database".
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.π Read
via "National Vulnerability Database".
π΄ How Data Changes the Cyber-Insurance Market Outlook π΄
π Read
via "Dark Reading".
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.π Read
via "Dark Reading".
Dark Reading
How Data Changes the Cyber-Insurance Market Outlook
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.
βΌ CVE-2023-44987 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <=Γ 2.0.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46066 βΌ
π Read
via "National Vulnerability Database".
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay Γ’β¬β Media Library Folders plugin <=Γ 1.6 versions.π Read
via "National Vulnerability Database".
π jSQL Injection 0.95 π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.π Read
via "Packet Storm Security".
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π Falco 0.36.1 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.36.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-5575 βΌ
π Read
via "National Vulnerability Database".
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46087 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page Γ’β¬β Hit Counter plugin <=Γ 1.4.14.3 versions.π Read
via "National Vulnerability Database".
π΄ Pro-Israeli Hacktivist Group Predatory Sparrow Reappears π΄
π Read
via "Dark Reading".
It's been a year since its last communication and attack on Iran β but the conflict with Hamas appears to have reactivated the group.π Read
via "Dark Reading".
Dark Reading
Pro-Israeli Hacktivist Group 'Predatory Sparrow' Reappears
It's been a year since its last communication and attack on Iran β but the conflict with Hamas appears to have reactivated the group.
π΄ Name That Toon: Modern Monarchy π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Modern Monarchy
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2023-45685 βΌ
π Read
via "National Vulnerability Database".
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversalπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45689 βΌ
π Read
via "National Vulnerability Database".
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversalπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20198 βΌ
π Read
via "National Vulnerability Database".
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisoryΓ Cisco will provide updates on the status of this investigation and when a software patch is available.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45688 βΌ
π Read
via "National Vulnerability Database".
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" commandπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45687 βΌ
π Read
via "National Vulnerability Database".
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosingπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45686 βΌ
π Read
via "National Vulnerability Database".
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversalπ Read
via "National Vulnerability Database".
βΌ CVE-2023-45690 βΌ
π Read
via "National Vulnerability Database".
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystemπ Read
via "National Vulnerability Database".
π΄ 'RomCom' Cyber Campaign Targets Women Political Leaders π΄
π Read
via "Dark Reading".
A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware.π Read
via "Dark Reading".
Dark Reading
'RomCom' Cyber Campaign Targets Women Political Leaders
A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware.
βΌ CVE-2023-45985 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43120 βΌ
π Read
via "National Vulnerability Database".
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.π Read
via "National Vulnerability Database".