‼ CVE-2023-44394 ‼
📖 Read
via "National Vulnerability Database".
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44388 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40374 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38728 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45540 ‼
📖 Read
via "National Vulnerability Database".
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38740 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30991 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44391 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43659 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43658 ‼
📖 Read
via "National Vulnerability Database".
dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.📖 Read
via "National Vulnerability Database".
🕴 5 Ways Hospitals Can Help Improve Their IoT Security 🕴
📖 Read
via "Dark Reading".
HIPAA compliance does not equal security, as continuing attacks on healthcare organizations show. Medical devices need to be secured.📖 Read
via "Dark Reading".
Dark Reading
5 Ways Hospitals Can Help Improve Their IoT Security
HIPAA compliance does not equal security, as continuing attacks on healthcare organizations show. Medical devices need to be secured.
‼ CVE-2012-10016 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22386 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221963.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45152 ‼
📖 Read
via "National Vulnerability Database".
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34208 ‼
📖 Read
via "National Vulnerability Database".
Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38719 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43892 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.📖 Read
via "National Vulnerability Database".
‼ CVE-2011-10004 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43893 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22377 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22384 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961.📖 Read
via "National Vulnerability Database".