Threat Spotlight: Proportion of Malicious HTML Attachments Doubles Within a Year
via "Dark Reading".
The security industry has been highlighting the cybercriminal misuse of HTML for years, and evidence suggests it remains a successful and popular attack tool. Last year we reported that around one-in-five (21%) of all HTML attachments scanned by Barracuda…
Moonsense Raises $4.2M in Seed Funding and Introduces Next-Gen User Behavior and Network Intelligence Solution
via "Dark Reading".
Hassle-free initial trial, harnesses digital body language and source data for enhanced fraud detection.
CVE-2023-30205
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php.
CVE-2023-2069
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.
CVE-2023-30300
via "National Vulnerability Database".
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
CVE-2023-1965
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on the RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.
CVE-2022-39161
via "National Vulnerability Database".
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
CVE-2023-1265
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
CVE-2023-0155
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user-controlled markdown.
CVE-2023-24744
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.
CVE-2017-11197
via "National Vulnerability Database".
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
CVE-2023-0485
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.
CVE-2023-1836
via "National Vulnerability Database".
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances.
CVE-2020-22429
via "National Vulnerability Database".
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.
CVE-2023-1204
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
CVE-2023-30204
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.
CVE-2023-26203
via "National Vulnerability Database".
A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands.
CVE-2023-0805
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.
CVE-2023-2182
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users, thus leading to privilege escalation for those users.
CVE-2023-1178
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.