‼ CVE-2023-46570 ‼
via "National Vulnerability Database".
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
‼ CVE-2023-46467 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.
‼ CVE-2023-46569 ‼
via "National Vulnerability Database".
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
‼ CVE-2023-5426 ‼
via "National Vulnerability Database".
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.
‼ CVE-2023-5425 ‼
via "National Vulnerability Database".
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.
‼ CVE-2023-45897 ‼
via "National Vulnerability Database".
exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.
‼ CVE-2023-46854 ‼
via "National Vulnerability Database".
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
‼ CVE-2023-5836 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.
‼ CVE-2023-5837 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.
‼ CVE-2021-33636 ‼
via "National Vulnerability Database".
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
‼ CVE-2021-33637 ‼
via "National Vulnerability Database".
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
‼ CVE-2021-33635 ‼
via "National Vulnerability Database".
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
‼ CVE-2021-33638 ‼
via "National Vulnerability Database".
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
‼ CVE-2021-33634 ‼
via "National Vulnerability Database".
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.
‼ CVE-2005-10002 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.
‼ CVE-2007-10003 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803.
🕴 CISO Skills in a Changing Security Market: Are You Prepared? 🕴
via "Dark Reading".
The CISO role has evolved from a strictly technical position to one that increasingly requires business acumen. Here are some things you need to know.
🕴 Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too 🕴
via "Dark Reading".
With the rapid advancement and adoption of artificial intelligence (AI) in cybersecurity, the benefits of speed and accuracy are becoming clearer every day.
🕴 Securing Modern Enterprises in a Borderless Landscape 🕴
via "Dark Reading".
CISOs offer recommendations to help secure identities, data, code, and cloud infrastructure and protect against evolving threats and vulnerabilities.
🛠 Zeek 6.0.2 🛠
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
🕴 What the Boardroom Is Missing: CISOs 🕴
via "Dark Reading".
From communicating why security should be a priority to advocating for accountability and greater focus on protecting data in the cloud, CISOs can make the case for keeping people and sensitive data secure.