🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-46042 ‼

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35181 ‼

The SolarWinds Access Rights Manager was susceptible to a Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permissions, resulting in Privilege Escalation.

📖 Read

via "National Vulnerability Database".
🕴 AI-Powered Israeli 'Cyber Dome' Defense Operation Comes to Life 🕴

The Israelis are building a cyber defense system that will use ChatGPT-like generative AI platforms to parse threat intelligence.

📖 Read

via "Dark Reading".
🕴 Tips for a Successful SecOps Game Plan 🕴

Dark Reading's special report on SecOps data analytics looks at the elements needed to set up a proper data foundation. Getting the data right when collecting, aggregating, and analyzing it is essential.

📖 Read

via "Dark Reading".
‼ CVE-2023-45277 ‼

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45278 ‼

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via a crafted HTTP DELETE request.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-46033 ‼

** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB provides log output and a root terminal without proper access control.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45281 ‼

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of a crafted HTML file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-47583 ‼

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35126 ‼

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45665 ‼

** REJECT ** This CVE is a duplicate of another CVE.

📖 Read

via "National Vulnerability Database".
🕴 Europol Strike Wounds Ragnar Locker Ransomware Group 🕴

Several countries in Europe as well as the United States and Japan were involved in the operation, which is aimed at defanging one of the bigger names in ransomware.

📖 Read

via "Dark Reading".
‼ CVE-2023-40153 ‼

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary JavaScript by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41088 ‼

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, to capture traffic. The attacker can later use the information within it to access the application.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45381 ‼

In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-42666 ‼

The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45809 ‼

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-38128 ‼

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-43986 ‼

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45992 ‼

Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-42435 ‼

The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.

📖 Read

via "National Vulnerability Database".