🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52269‼️

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.

607 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52275‼️

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to datacom.android.gallery3d.privatealbum.encryptfiles and guessing the correct image file extension.

604 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52277‼️

Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service Heap Memory Corruption and application crash or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection.

543 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2021-46900‼️

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.

487 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52284‼️

Bytecode Alliance wasmmicroruntime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because pushpopframerefoffset is mishandled.

392 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2021-46901‼️

examples6lbrapps6lbrwebserverhttpd.c in CETIC6LBR aka 6lbr 1.5.0 has a strcat stackbased buffer overflow via a request for a long URL over a 6LoWPAN network.

273 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52286‼️

Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.phpapiinstallgetdbinfo request, a related issue to CVE202342387.

261 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7130‼️

A vulnerability has been found in codeprojects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB249133 was assigned to this vulnerability.

257 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-39157‼️

Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor from na through 2.6.10.

248 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52181‼️

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user from na through 1.0.1.

254 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52182‼️

Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz  WordPress Quizzes Builder.This issue affects ARI Stream Quiz  WordPress Quizzes Builder from na through 1.3.0.

246 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6093‼️

 A vulnerability has been identified in OnCell G3150ALTE Series firmware versions v1.3 and prior.  The vulnerability result from incorrectly restricts frame objects, which lead to user confusion about which interface the user is interacting with.  This vulnerability may lead attacker to trick user into interacting with the application.

253 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6094‼️

 A vulnerability has been identified in OnCell G3150ALTE Series firmware versions v1.3 and prior.  The vulnerability results from a lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information.   This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.

293 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-49777‼️

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product AddOns.This issue affects YITH WooCommerce Product AddOns from na through 4.3.0.

236 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52180‼️

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe Maker For Your Food Blog from Zip Recipes from na through 8.1.0.

235 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7183‼️

A vulnerability has been found in 7card Fakabao up to 1.0build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shopalipaynotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB249385 was assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.

217 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7184‼️

A vulnerability was found in 7card Fakabao up to 1.0build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shopnotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB249386 is the identifier assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.

229 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7185‼️

A vulnerability was found in 7card Fakabao up to 1.0build20230805. It has been classified as critical. This affects an unknown part of the file shopwxpaynotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249387. NOTE The vendor was contacted early about this disclosure but did not respond in any way.

317 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7186‼️

A vulnerability was found in 7card Fakabao up to 1.0build20230805. It has been declared as critical. This vulnerability affects unknown code of the file membernotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249388. NOTE The vendor was contacted early about this disclosure but did not respond in any way.

242 views00:32

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7187‼️

A vulnerability was found in Totolink N350RT 9.3.5u.6139B20201216. It has been rated as critical. This issue affects some unknown processing of the file cgibincstecgi.cgi?actionloginflagie8 of the component HTTP POST Request Handler. The manipulation leads to stackbased buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB249389 was assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.

294 views00:32

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-7188‼️

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file memberlogin.php. The manipulation of the argument Mpwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB249390 is the identifier assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.

227 views00:32

About

Blog

Apps

Platform