βΌ CVE-2023-42627 βΌ
π Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39902 βΌ
π Read
via "National Vulnerability Database".
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43776 βΌ
π Read
via "National Vulnerability Database".
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).π Read
via "National Vulnerability Database".
βΌ CVE-2023-45006 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite Γ’β¬β WooCommerce Order Delivery or Pickup with Date Time Location plugin <=Γ 2.4.6 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45007 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto plugin <=Γ 1.2.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42628 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's Γ’β¬ΛContentΓ’β¬β’ text field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44824 βΌ
π Read
via "National Vulnerability Database".
An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45004 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty Woo Custom Emails plugin <=Γ 2.2 versions.π Read
via "National Vulnerability Database".
π¦Ώ Is Collaboration The Key To Aussie Tech Challenges? π¦Ώ
π Read
via "Tech Republic".
As Australian organisations and government departments continue to struggle with IT resourcing, a new wave of collaboration potentially represents the solution.π Read
via "Tech Republic".
TechRepublic
Is Collaboration The Key To Aussie Tech Challenges?
As Australian organisations and government departments continue to struggle with IT resourcing, a new wave of collaboration potentially represents the solution.
π¦Ώ Software Supply Chain Security Attacks Up 200%: New Sonatype Research π¦Ώ
π Read
via "Tech Republic".
Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.π Read
via "Tech Republic".
TechRepublic
Software Supply Chain Security Attacks Up 200%: New Sonatype Research
Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.
βΌ CVE-2023-45901 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45903 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37537 βΌ
π Read
via "National Vulnerability Database".
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45904 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45906 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45907 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20598 βΌ
π Read
via "National Vulnerability Database".
An improper privilege management in the AMD RadeonΓ’βΒ’Γ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45902 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43959 βΌ
π Read
via "National Vulnerability Database".
An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45905 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.π Read
via "National Vulnerability Database".
βοΈ Tech CEO Sentenced to 5 Years in IP Address Scheme βοΈ
π Read
via "Krebs on Security".
Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.π Read
via "Krebs on Security".
Krebs on Security
Tech CEO Sentenced to 5 Years in IP Address Scheme
Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate networkβ¦
β€1