βΌ CVE-2023-34059 βΌ
π Read
via "National Vulnerability Database".
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper.Γ A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46194 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist Γ’β¬β Custom Archive Templates plugin <=Γ 1.7.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46093 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <=Γ 2.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34058 βΌ
π Read
via "National Vulnerability Database".
VMware Tools contains a SAML token signature bypass vulnerability.Γ A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html Γ in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .π Read
via "National Vulnerability Database".
βΌ CVE-2023-46192 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=Γ 1.2.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44220 βΌ
π Read
via "National Vulnerability Database".
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.π Read
via "National Vulnerability Database".
π¦Ώ Protect Your Passwords for Life for Just $25 π¦Ώ
π Read
via "Tech Republic".
Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.π Read
via "Tech Republic".
TechRepublic
Get 2 Lifetime Password Manager Subscriptions for Only $50
Save your business time and money with Sticky Password Premium and get this two-account bundle for $49.99 at TechRepublic Academy.
βΌ CVE-2023-5817 βΌ
π Read
via "National Vulnerability Database".
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5774 βΌ
π Read
via "National Vulnerability Database".
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
π Falco 0.36.2 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.36.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-5705 βΌ
π Read
via "National Vulnerability Database".
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44376 βΌ
π Read
via "National Vulnerability Database".
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5807 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44377 βΌ
π Read
via "National Vulnerability Database".
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5570 βΌ
π Read
via "National Vulnerability Database".
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5821 βΌ
π Read
via "National Vulnerability Database".
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5820 βΌ
π Read
via "National Vulnerability Database".
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
π΄ Healey-Driscoll Awards $2.3M to CyberTrust Massachusetts to Strengthen Municipal Cybersecurity Efforts π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Healey-Driscoll Awards $2.3M to CyberTrust Massachusetts to Strengthen Municipal Cybersecurity Efforts
BOSTON β Today, the Healey-Driscoll Administration announced a $2.3 million grant through the MassTech Collaborative's MassCyberCenter to CyberTrust Massachusetts, a nonprofit dedicated to strengthening the cybersecurity ecosystem, to support cybersecurityβ¦
βΌ CVE-2023-5443 βΌ
π Read
via "National Vulnerability Database".
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46604 βΌ
π Read
via "National Vulnerability Database".
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiateΓ any class on the classpath.Γ Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46394 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.π Read
via "National Vulnerability Database".