🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.1K subscribers
88.5K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.1K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-47099 ‼

An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-47096 ‼

An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.

📖 Read

via "National Vulnerability Database".
210 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5889 ‼

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
222 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-47095 ‼

An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.

📖 Read

via "National Vulnerability Database".
236 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5893 ‼

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5894 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.

📖 Read

via "National Vulnerability Database".
288 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-47094 ‼

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.

📖 Read

via "National Vulnerability Database".
🤯1
307 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5516 ‼

Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosinginformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints,backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.

📖 Read

via "National Vulnerability Database".
361 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download 🦿

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

📖 Read

via "Tech Republic".
TechRepublic
TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
361 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4198 ‼

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

📖 Read

via "National Vulnerability Database".
342 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-4197 ‼

Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.

📖 Read

via "National Vulnerability Database".
317 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42636 ‼

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

📖 Read

via "National Vulnerability Database".
275 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-1718 ‼

Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".

📖 Read

via "National Vulnerability Database".
242 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42638 ‼

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

📖 Read

via "National Vulnerability Database".
213 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42750 ‼

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-48460 ‼

In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed

📖 Read

via "National Vulnerability Database".
181 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42642 ‼

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

📖 Read

via "National Vulnerability Database".
168 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-1719 ‼

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.

📖 Read

via "National Vulnerability Database".
172 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42645 ‼

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-1713 ‼

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.

📖 Read

via "National Vulnerability Database".
193 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-42639 ‼

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

📖 Read

via "National Vulnerability Database".
194 views