πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46664 β€Ό

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46747 β€Ό

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.Γ‚ Γ‚ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46748 β€Ό

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.Γ‚ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33558 β€Ό

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.

πŸ“– Read

via "National Vulnerability Database".
234 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-44267 β€Ό

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.Γ‚ Γ‚ The 'lnm' parameter of the header.php resourceΓ‚ does not validate the characters received and theyΓ‚ are sent unfiltered to the database.

πŸ“– Read

via "National Vulnerability Database".
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46661 β€Ό

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

πŸ“– Read

via "National Vulnerability Database".
218 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46665 β€Ό

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.

πŸ“– Read

via "National Vulnerability Database".
220 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time πŸ•΄



πŸ“– Read

via "Dark Reading".
Dark Reading
Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time
PRESS RELEASE
224 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ SMBs Need to Balance Cybersecurity Needs and Resources πŸ•΄

Small and midsize businesses face the same cyberattacks as enterprises, with fewer resources. Here's how to protect a company that has leaner means.

πŸ“– Read

via "Dark Reading".
Dark Reading
SMBs Need to Balance Cybersecurity Needs and Resources
Small and midsize businesses face the same cyberattacks as enterprises, but with fewer resources. Here's how to protect a company that has leaner means.
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-43737 β€Ό

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

πŸ“– Read

via "National Vulnerability Database".
240 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38328 β€Ό

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.

πŸ“– Read

via "National Vulnerability Database".
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-17879 β€Ό

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

πŸ“– Read

via "National Vulnerability Database".
200 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-16739 β€Ό

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-17558 β€Ό

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

πŸ“– Read

via "National Vulnerability Database".
200 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27170 β€Ό

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.

πŸ“– Read

via "National Vulnerability Database".
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-17878 β€Ό

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

πŸ“– Read

via "National Vulnerability Database".
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-43352 β€Ό

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

πŸ“– Read

via "National Vulnerability Database".
257 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42406 β€Ό

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.

πŸ“– Read

via "National Vulnerability Database".
322 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-44268 β€Ό

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

πŸ“– Read

via "National Vulnerability Database".
425 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-17559 β€Ό

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

πŸ“– Read

via "National Vulnerability Database".
451 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5805 β€Ό

A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243618 is the identifier assigned to this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
515 views