βΌ CVE-2023-45010 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <=Γ 3.4.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44310 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44311 βΌ
π Read
via "National Vulnerability Database".
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45005 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos Seriously Simple Stats plugin <=Γ 1.5.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5522 βΌ
π Read
via "National Vulnerability Database".
Mattermost Mobile fails to limitΓ the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel andΓ freeze the mobile app of users when viewing that particular channel.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-45003 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <=Γ 2.2.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44990 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF Γ’β¬β WordPress Posts Bulk Editor and Manager Professional plugin <=Γ 1.0.7.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5339 βΌ
π Read
via "National Vulnerability Database".
Mattermost DesktopΓ fails to set an appropriate log level during initial run after fresh installationΓ resulting in logging all keystrokesΓ including password entryΓ being logged.Γ π Read
via "National Vulnerability Database".
π΄ Top 6 Mistakes in Incident Response Tabletop Exercises π΄
π Read
via "Dark Reading".
Avoid these errors to get the greatest value from your incident response training sessions.π Read
via "Dark Reading".
Dark Reading
Top 6 Mistakes in Incident Response Tabletop Exercises
Avoid these errors to get the greatest value from your incident response training sessions.
βΌ CVE-2023-43777 βΌ
π Read
via "National Vulnerability Database".
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries.Γ π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-3761 βΌ
π Read
via "National Vulnerability Database".
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentialsπ Read
via "National Vulnerability Database".
βΌ CVE-2023-42627 βΌ
π Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39902 βΌ
π Read
via "National Vulnerability Database".
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43776 βΌ
π Read
via "National Vulnerability Database".
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).π Read
via "National Vulnerability Database".
βΌ CVE-2023-45006 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite Γ’β¬β WooCommerce Order Delivery or Pickup with Date Time Location plugin <=Γ 2.4.6 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45007 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto plugin <=Γ 1.2.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42628 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's Γ’β¬ΛContentΓ’β¬β’ text field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44824 βΌ
π Read
via "National Vulnerability Database".
An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45004 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty Woo Custom Emails plugin <=Γ 2.2 versions.π Read
via "National Vulnerability Database".
π¦Ώ Is Collaboration The Key To Aussie Tech Challenges? π¦Ώ
π Read
via "Tech Republic".
As Australian organisations and government departments continue to struggle with IT resourcing, a new wave of collaboration potentially represents the solution.π Read
via "Tech Republic".
TechRepublic
Is Collaboration The Key To Aussie Tech Challenges?
As Australian organisations and government departments continue to struggle with IT resourcing, a new wave of collaboration potentially represents the solution.
π¦Ώ Software Supply Chain Security Attacks Up 200%: New Sonatype Research π¦Ώ
π Read
via "Tech Republic".
Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.π Read
via "Tech Republic".
TechRepublic
Software Supply Chain Security Attacks Up 200%: New Sonatype Research
Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.