🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46661 ‼

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

📖 Read

via "National Vulnerability Database".
218 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46665 ‼

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.

📖 Read

via "National Vulnerability Database".
220 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time 🕴



📖 Read

via "Dark Reading".
Dark Reading
Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time
PRESS RELEASE
224 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 SMBs Need to Balance Cybersecurity Needs and Resources 🕴

Small and midsize businesses face the same cyberattacks as enterprises, with fewer resources. Here's how to protect a company that has leaner means.

📖 Read

via "Dark Reading".
Dark Reading
SMBs Need to Balance Cybersecurity Needs and Resources
Small and midsize businesses face the same cyberattacks as enterprises, but with fewer resources. Here's how to protect a company that has leaner means.
261 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-43737 ‼

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

📖 Read

via "National Vulnerability Database".
240 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-38328 ‼

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2018-17879 ‼

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2018-16739 ‼

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

📖 Read

via "National Vulnerability Database".
199 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2018-17558 ‼

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-27170 ‼

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2018-17878 ‼

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

📖 Read

via "National Vulnerability Database".
217 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-43352 ‼

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

📖 Read

via "National Vulnerability Database".
257 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42406 ‼

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.

📖 Read

via "National Vulnerability Database".
322 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-44268 ‼

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

📖 Read

via "National Vulnerability Database".
425 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2018-17559 ‼

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

📖 Read

via "National Vulnerability Database".
451 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5805 ‼

A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243618 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
515 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46091 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

📖 Read

via "National Vulnerability Database".
434 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46153 ‼

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.

📖 Read

via "National Vulnerability Database".
429 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-44219 ‼

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.

📖 Read

via "National Vulnerability Database".
400 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-46199 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions.

📖 Read

via "National Vulnerability Database".
288 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-34057 ‼

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

📖 Read

via "National Vulnerability Database".
264 views