‼ CVE-2023-34261 ‼
via "National Vulnerability Database".
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.
‼ CVE-2023-42029 ‼
via "National Vulnerability Database".
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.
‼ CVE-2023-36034 ‼
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
‼ CVE-2023-36620 ‼
via "National Vulnerability Database".
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
‼ CVE-2023-35896 ‼
via "National Vulnerability Database".
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.
‼ CVE-2023-42027 ‼
via "National Vulnerability Database".
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
‼ CVE-2017-7252 ‼
via "National Vulnerability Database".
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
‼ CVE-2023-46954 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.
‼ CVE-2023-36022 ‼
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
‼ CVE-2023-43018 ‼
via "National Vulnerability Database".
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.
‼ CVE-2023-36621 ‼
via "National Vulnerability Database".
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.
‼ CVE-2023-34260 ‼
via "National Vulnerability Database".
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.
‼ CVE-2023-34259 ‼
via "National Vulnerability Database".
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.
‼ CVE-2023-4768 ‼
via "National Vulnerability Database".
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.
‼ CVE-2023-4767 ‼
via "National Vulnerability Database".
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
‼ CVE-2023-4769 ‼
via "National Vulnerability Database".
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.
🕴 Oracle Enables MFA by Default on Oracle Cloud 🕴
via "Dark Reading".
Mandatory multifactor authentication is just the latest in Oracle's commitment to have security built-in by default into Oracle Cloud Infrastructure.
🕴 Considerations for Managing Digital Sovereignty: The Executive Perspective 🕴
via "Dark Reading".
Business leaders must frequently balance the advantages of cloud computing and the free flow of data across geographic borders with the need to abide by local laws and regulations.
🕴 Ransomware Readiness Assessments: One Size Doesn't Fit All 🕴
via "Dark Reading".
Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly.
‼ CVE-2023-4591 ‼
via "National Vulnerability Database".
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.
‼ CVE-2023-3277 ‼
via "National Vulnerability Database".
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.