โผ CVE-2022-46808 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25960 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop รขโฌโ Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop รขโฌโ Global Dropshipping: from n/a through 1.0.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-46859 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-34383 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41652 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26015 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46947 โผ
๐ Read
via "National Vulnerability Database".
Subrion 4.2.1 has a remote command execution vulnerability in the backend.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47426 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-45805 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-5707 โผ
๐ Read
via "National Vulnerability Database".
The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3961 โผ
๐ Read
via "National Vulnerability Database".
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5945 โผ
๐ Read
via "National Vulnerability Database".
The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47588 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.๐ Read
via "National Vulnerability Database".
๐ด Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons ๐ด
๐ Read
via "Dark Reading".
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.๐ Read
via "Dark Reading".
Dark Reading
Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
โผ CVE-2023-5946 โผ
๐ Read
via "National Vulnerability Database".
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5088 โผ
๐ Read
via "National Vulnerability Database".
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.๐ Read
via "National Vulnerability Database".
๐ฆฟ What Is a VPN? Definition, How It Works, and More ๐ฆฟ
๐ Read
via "Tech Republic".
A VPN (virtual private network) encrypts your internet traffic and protects your online privacy. Find out how it works and why you should use it.๐ Read
via "Tech Republic".
TechRepublic
What Is a VPN? Definition, How It Works, and More
A VPN (virtual private network) encrypts your internet traffic and protects your online privacy. Find out how it works and why you should use it.
๐ด Somebody Just Killed the Mozi Botnet ๐ด
๐ Read
via "Dark Reading".
The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear.๐ Read
via "Dark Reading".
Dark Reading
Somebody Just Killed the Mozi Botnet
The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear.
๐ด 'KandyKorn' macOS Malware Lures Crypto Engineers ๐ด
๐ Read
via "Dark Reading".
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.๐ Read
via "Dark Reading".
Dark Reading
'KandyKorn' macOS Malware Lures Crypto Engineers
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.
๐ด Okta Customer Support Breach Exposed Data on 134 Companies ๐ด
๐ Read
via "Dark Reading".
1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says. ๐ Read
via "Dark Reading".
Dark Reading
Okta Customer Support Breach Exposed Data on 134 Companies
1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says.
๐ฆฟ EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation ๐ฆฟ
๐ Read
via "Tech Republic".
In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. Get tips on mitigating this cybersecurity threat.๐ Read
via "Tech Republic".
TechRepublic
EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation
In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining.
๐ฅ1