🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.
📩 lalilolalo.dev@gmail.com
‼️CVE-2023-41784‼️

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

Via "National Vulnerability Database"
‼️CVE-2023-50082‼️

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allowing remote attackers to gain sensitive information via session leakage, which allows a user to avoid logging into the backend management platform.

Via "National Vulnerability Database"
‼️CVE-2023-50630‼️

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function.

Via "National Vulnerability Database"
‼️CVE-2022-2081‼️

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function.

Via "National Vulnerability Database"
‼️CVE-2022-3864‼️

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempting to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Via "National Vulnerability Database"
‼️CVE-2023-6944‼️

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

Via "National Vulnerability Database"
‼️CVE-2023-7044‼️

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Via "National Vulnerability Database"
‼️CVE-2021-40367‼️

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)

Via "National Vulnerability Database"
‼️CVE-2021-42028‼️

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860)

Via "National Vulnerability Database"
‼️CVE-2021-45465‼️

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition, and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)

Via "National Vulnerability Database"
‼️CVE-2023-6992‼️

Cloudflare's version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file, potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.

Via "National Vulnerability Database"
‼️CVE-2023-49622‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the materialbill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49624‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the materialbill.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49625‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylisteditsubmit.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49633‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyeraddress' parameter of the buyerdetailsubmit.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49639‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customerdetails' parameter of the buyerinvoicesubmit.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49658‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bankdetails' parameter of the partysubmit.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49665‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity' parameter of the submitdeliverylist.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49666‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmerdetails' parameter of the submitmateriallist.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50743‼️

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-50752‼️

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Via "National Vulnerability Database"