🛡 Cybersecurity & Privacy 🛡 - News
25.1K subscribers
88.4K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-43018 ‼

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-36621 ‼

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-34260 ‼

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-34259 ‼

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-4768 ‼

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-4767 ‼

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-4769 ‼

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

📖 Read

via "National Vulnerability Database".
🕴 Oracle Enables MFA by Default on Oracle Cloud 🕴

Mandatory multifactor authentication is just the latest in Oracle's commitment to have security built-in by default into Oracle Cloud Infrastructure.

📖 Read

via "Dark Reading".
🕴 Considerations for Managing Digital Sovereignty: The Executive Perspective 🕴

Business leaders must frequently balance the advantages of cloud computing and the free flow of data across geographic borders with the need to abide by local laws and regulations.

📖 Read

via "Dark Reading".
🕴 Ransomware Readiness Assessments: One Size Doesn't Fit All 🕴

Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly.

📖 Read

via "Dark Reading".
‼ CVE-2023-4591 ‼

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3277 ‼

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-47445 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-4592 ‼

A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-46808 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-25960 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-46859 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-34383 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41652 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-26015 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-46947 ‼

Subrion 4.2.1 has a remote command execution vulnerability in the backend.

📖 Read

via "National Vulnerability Database".