🕴 Ransomware Group Claims Cyber Breach of Xerox Subsidiary 🕴
After Xerox cybersecurity personnel discovered the breach, they brought in third-party experts to investigate.
via "Dark Reading".
🕴 Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv 🕴
Incident prompts Ukraine's security service to ask webcam operators in country to stop live broadcasts.
via "Dark Reading".
‼️CVE-2023-41776‼️
There is a local privilege escalation vulnerability in ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process to escalate local privileges.
Via "National Vulnerability Database"
‼️CVE-2023-41779‼️
There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with common user permissions, the physical machine will crash.
Via "National Vulnerability Database"
‼️CVE-2023-41780‼️
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
Via "National Vulnerability Database"
‼️CVE-2023-41783‼️
There is a command injection vulnerability in ZTE's ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
Via "National Vulnerability Database"
‼️CVE-2023-50345‼️
HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.
Via "National Vulnerability Database"
‼️CVE-2023-50346‼️
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.
Via "National Vulnerability Database"
‼️CVE-2023-50348‼️
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.
Via "National Vulnerability Database"
‼️CVE-2023-50350‼️
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker the ability to decrypt sensitive information.
Via "National Vulnerability Database"
‼️CVE-2023-50351‼️
HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.
Via "National Vulnerability Database"
‼️CVE-2023-45722‼️
HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application.
Via "National Vulnerability Database"
‼️CVE-2023-45723‼️
HCL DRYiCE MyXalytics is impacted by a path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path including the file name where these files are stored on the server.
Via "National Vulnerability Database"
‼️CVE-2023-45724‼️
HCL DRYiCE MyXalytics product is impacted by an unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.
Via "National Vulnerability Database"
‼️CVE-2023-50341‼️
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.
Via "National Vulnerability Database"
‼️CVE-2023-50342‼️
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.
Via "National Vulnerability Database"
‼️CVE-2023-50343‼️
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.
Via "National Vulnerability Database"
‼️CVE-2023-50344‼️
HCL DRYiCE MyXalytics is impacted by an improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.
Via "National Vulnerability Database"
‼️CVE-2023-46308‼️
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
Via "National Vulnerability Database"
‼️CVE-2023-6629‼️
The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the msg parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Via "National Vulnerability Database"
‼️CVE-2023-7027‼️
The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the device header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Via "National Vulnerability Database"