โผ CVE-2023-46754 โผ
๐ Read
via "National Vulnerability Database".
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46752 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5798 โผ
๐ Read
via "National Vulnerability Database".
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks๐ Read
via "National Vulnerability Database".
๐ด Complex Spy Platform StripedFly Bites 1M Victims ๐ด
๐ Read
via "Dark Reading".
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.๐ Read
via "Dark Reading".
Dark Reading
Complex Spy Platform StripedFly Bites 1M Victims
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
โผ CVE-2023-30492 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <=ร 2.0.0.1 versions.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2023-46094 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <=ร 6.5.3 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5802 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin รขโฌโ WP Knowledgebase plugin <=ร 1.3.4 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46081 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=ร 1.1.34 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46076 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=ร 1.2.102 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46075 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <=ร 2.1.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46074 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <=ร 2.3.2 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46072 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=ร 2.0.9 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46088 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <=ร 1.6.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32116 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <=ร 4.0.12 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-17477 โผ
๐ Read
via "National Vulnerability Database".
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5781 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46077 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed รขโฌโ Custom Feed plugin <=ร 2.2.5 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5780 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.๐ Read
via "National Vulnerability Database".
๐ด What Would a Government Shutdown Mean for Cybersecurity? ๐ด
๐ Read
via "Dark Reading".
Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too. ๐ Read
via "Dark Reading".
Dark Reading
What Would a Government Shutdown Mean for Cybersecurity?
Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too.
๐ GRR 3.4.7.1 ๐
๐ Read
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.๐ Read
via "Packet Storm Security".
Packetstormsecurity
GRR 3.4.7.1 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
๐ Clam AntiVirus Toolkit 1.2.1 ๐
๐ Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.๐ Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 1.2.1 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers