βΌ CVE-2023-45323 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.Γ The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45344 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46725 βΌ
π Read
via "National Vulnerability Database".
FoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45331 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29045 βΌ
π Read
via "National Vulnerability Database".
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45333 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.π Read
via "National Vulnerability Database".
π΄ Saudi Aramco CEO Warns of New Threat of Generative AI π΄
π Read
via "Dark Reading".
Oil executive Amin H. Nasser calls for global cooperation and international standards to combat the dark side of artificial intelligence.π Read
via "Dark Reading".
Dark Reading
Saudi Aramco CEO Warns of New Threat of Generative AI
Oil executive Amin H. Nasser calls for global cooperation and international standards to combat the dark side of artificial intelligence.
βΌ CVE-2023-46925 βΌ
π Read
via "National Vulnerability Database".
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-38473 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4900 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4217 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5035 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-5846 βΌ
π Read
via "National Vulnerability Database".
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.π Read
via "National Vulnerability Database".
π¦Ώ Could Australiaβs Cybersecurity Strategy Benefit From More Data Science Rigour? π¦Ώ
π Read
via "Tech Republic".
The success of Australiaβs six-shield cybersecurity strategy could depend on how well the nation manages the vast pools of data that will underpin the identification and mitigation of cyberthreats.π Read
via "Tech Republic".
TechRepublic
Could Australiaβs Cyber Security Strategy Benefit From More Data Science Rigour?
The success of Australiaβs six-shield cyber security strategy could depend on how well the nation manages the vast pools of data that will underpin the identification and mitigation of cyber threats.
π΄ Upgraded Kazuar Backdoor Offers Stealthy Power π΄
π Read
via "Dark Reading".
The obscure Kazuar backdoor used by Russian attack group Turla has resurfaced, and it's more dangerous than ever.π Read
via "Dark Reading".
Dark Reading
Upgraded Kazuar Backdoor Offers Stealthy Power
The obscure Kazuar backdoor used by Russian attack group Turla has resurfaced, and it's more dangerous than ever.
βΌ CVE-2023-31018 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5924 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31027 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31023 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5923 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31020 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.π Read
via "National Vulnerability Database".