βΌ CVE-2023-39427 βΌ
π Read
via "National Vulnerability Database".
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33559 βΌ
π Read
via "National Vulnerability Database".
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-5804 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46662 βΌ
π Read
via "National Vulnerability Database".
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39936 βΌ
π Read
via "National Vulnerability Database".
In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39726 βΌ
π Read
via "National Vulnerability Database".
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46664 βΌ
π Read
via "National Vulnerability Database".
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46747 βΌ
π Read
via "National Vulnerability Database".
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedπ Read
via "National Vulnerability Database".
βΌ CVE-2023-46748 βΌ
π Read
via "National Vulnerability Database".
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedπ Read
via "National Vulnerability Database".
βΌ CVE-2023-33558 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44267 βΌ
π Read
via "National Vulnerability Database".
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.Γ Γ The 'lnm' parameter of the header.php resourceΓ does not validate the characters received and theyΓ are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46661 βΌ
π Read
via "National Vulnerability Database".
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46665 βΌ
π Read
via "National Vulnerability Database".
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.π Read
via "National Vulnerability Database".
π΄ Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time
PRESS RELEASE
π΄ SMBs Need to Balance Cybersecurity Needs and Resources π΄
π Read
via "Dark Reading".
Small and midsize businesses face the same cyberattacks as enterprises, with fewer resources. Here's how to protect a company that has leaner means.π Read
via "Dark Reading".
Dark Reading
SMBs Need to Balance Cybersecurity Needs and Resources
Small and midsize businesses face the same cyberattacks as enterprises, but with fewer resources. Here's how to protect a company that has leaner means.
βΌ CVE-2023-43737 βΌ
π Read
via "National Vulnerability Database".
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38328 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.π Read
via "National Vulnerability Database".
βΌ CVE-2018-17879 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.π Read
via "National Vulnerability Database".
βΌ CVE-2018-16739 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2018-17558 βΌ
π Read
via "National Vulnerability Database".
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27170 βΌ
π Read
via "National Vulnerability Database".
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.π Read
via "National Vulnerability Database".