‼ CVE-2023-46298 ‼
📖 Read
via "National Vulnerability Database".
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38276 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38275 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46301 ‼
📖 Read
via "National Vulnerability Database".
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46300 ‼
📖 Read
via "National Vulnerability Database".
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38735 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-46898 ‼
📖 Read
via "National Vulnerability Database".
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46303 ‼
📖 Read
via "National Vulnerability Database".
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2021-46897 ‼
📖 Read
via "National Vulnerability Database".
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46306 ‼
📖 Read
via "National Vulnerability Database".
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5693 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5694 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46095 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <=Â 1.1.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46085 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <=Â 2.2.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46317 ‼
📖 Read
via "National Vulnerability Database".
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5695 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46089 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <=Â 1.0.13 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5696 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46315 ‼
📖 Read
via "National Vulnerability Database".
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.📖 Read
via "National Vulnerability Database".
🕴 FedRAMP Rev. 5: How Cloud Service Providers Can Prepare 🕴
📖 Read
via "Dark Reading".
What cloud service providers need to know to prepare for FedRAMP Baselines Rev. 5, as documented in the new Transition Guide.📖 Read
via "Dark Reading".
Dark Reading
FedRAMP Rev. 5: How Cloud Service Providers Can Prepare
What cloud service providers need to know to prepare for FedRAMP Baselines Rev. 5, as documented in the new Transition Guide.
🦿 Penetration Testing and Scanning Policy 🦿
📖 Read
via "Tech Republic".
System or network vulnerabilities and security threats can severely impact business operations or even shutter its doors. However, these incidents can be prevented by proactively detecting potential threat opportunities. The purpose of this policy from TechRepublic Premium is to provide guidelines for appropriate penetration testing and scanning of computer systems and networks. It includes preparation, ...📖 Read
via "Tech Republic".
TechRepublic
Penetration Testing and Scanning Policy
System or network vulnerabilities and security threats can severely impact business operations or even shutter its doors. However, these incidents can be