โผ CVE-2023-43252 โผ
๐ Read
via "National Vulnerability Database".
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37830 โผ
๐ Read
via "National Vulnerability Database".
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45384 โผ
๐ Read
via "National Vulnerability Database".
KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest can upload files with extensions .php๐ Read
via "National Vulnerability Database".
๐ด Iran-Linked 'MuddyWater' Spies on Mideast Gov't for 8 Months ๐ด
๐ Read
via "Dark Reading".
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.๐ Read
via "Dark Reading".
Dark Reading
Iran-Linked 'MuddyWater' Spies on Mideast Gov't for 8 Months
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
โผ CVE-2023-45883 โผ
๐ Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45379 โผ
๐ Read
via "National Vulnerability Database".
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.๐ Read
via "National Vulnerability Database".
๐ด Patch Now: APTs Continue to Pummel WinRAR Bug ๐ด
๐ Read
via "Dark Reading".
State-sponsored cyber espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.๐ Read
via "Dark Reading".
Dark Reading
Patch Now: APTs Continue to Pummel WinRAR Bug
State-sponsored cyber-espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
๐ด Q&A: The Outlook for Israeli Cyber Startups, As War Clouds Gather ๐ด
๐ Read
via "Dark Reading".
Amid the burgeoning war, Israel's tech sector is focused on resilience. Ofer Schreiber, senior director at YL Ventures, weighs in on the conflict, funding for cybersecurity startups, overblown valuations, and what the future holds.๐ Read
via "Dark Reading".
Dark Reading
Q&A: The Outlook for Israeli Cyber Startups, As War Clouds Gather
Amid the burgeoning war, Israel's tech sector is focused on resilience. Ofer Schreiber, senior partner at YL Ventures, weighs in on the conflict, funding for cybersecurity startups, overblown valuations, and what the future holds.
โผ CVE-2023-35180 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35183 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5654 โผ
๐ Read
via "National Vulnerability Database".
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URLรขโฌโขs via the victim's browser.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35184 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35182 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35187 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-43251 โผ
๐ Read
via "National Vulnerability Database".
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35185 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31046 โผ
๐ Read
via "National Vulnerability Database".
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an attacker to achieve read-only access to the server's filesystem.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35186 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46042 โผ
๐ Read
via "National Vulnerability Database".
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35181 โผ
๐ Read
via "National Vulnerability Database".
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.๐ Read
via "National Vulnerability Database".
๐ด AI-Powered Israeli 'Cyber Dome' Defense Operation Comes to Life ๐ด
๐ Read
via "Dark Reading".
The Israelis are building a cyber defense system that will use ChatGPT-like generative AI platforms to parse threat intelligence.๐ Read
via "Dark Reading".
Dark Reading
AI-Powered Israeli 'Cyber Dome' Defense Operation Comes to Life
The Israelis are building a cyber defense system that will use ChatGPT-like generative AI platforms to parse threat intelligence.