What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-06 13:00:56 | Cisco secures IoT, keeping security closer to networking (lien direct) | The use of IoT devices in enterprises is growing exponentially. A critical concern is deploying IoT devices without requisite security controls. Being a leader in both security and networking, Cisco continues to bring security closer to networking. | Guideline | ★★ | |
 |
2023-02-06 04:15:08 | CVE-2017-20176 (lien direct) | A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204. | Vulnerability Guideline | ||
|
2023-02-06 04:15:07 | CVE-2014-125086 (lien direct) | A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207. | Vulnerability Guideline | ||
|
2023-02-06 00:15:08 | CVE-2014-125085 (lien direct) | A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-02-06 00:15:08 | CVE-2014-125084 (lien direct) | A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability. | Guideline | ||
|
2023-02-05 20:15:08 | CVE-2017-20175 (lien direct) | A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203. | Vulnerability Guideline | ||
 |
2023-02-05 10:34:44 | The Defender\'s Guide to OneNote MalDocs (lien direct) | Who's abusing it, and how to mitigate it in your environment | Guideline | ★★★★★ | |
|
2023-02-04 08:15:08 | CVE-2023-0674 (lien direct) | A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | Vulnerability Guideline | ||
|
2023-02-04 08:15:08 | CVE-2023-0673 (lien direct) | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. | Vulnerability Guideline | ||
|
2023-02-04 08:15:08 | CVE-2023-0675 (lien direct) | A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. | Guideline | ||
|
2023-02-04 08:15:07 | CVE-2018-25080 (lien direct) | A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | Guideline | ||
|
2023-02-04 08:15:07 | CVE-2019-25101 (lien direct) | A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | Vulnerability Guideline | ||
|
2023-02-04 04:15:08 | CVE-2018-25079 (lien direct) | A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-04 04:15:08 | CVE-2015-10072 (lien direct) | A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. | Vulnerability Guideline | ||
|
2023-02-04 00:15:08 | CVE-2013-10018 (lien direct) | A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-04 00:15:08 | CVE-2013-10017 (lien direct) | A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. | Vulnerability Guideline | ||
 |
2023-02-03 21:41:00 | Iran-Backed Actor Behind \'Holy Souls\' Cyberattack on Charlie Hebdo, Microsoft Says (lien direct) | The January attack was in retaliation for the satirical French magazine's decision to launch a cartoon contest to lampoon Iran's Supreme Leader. | Guideline | ★★★ | |
|
2023-02-03 21:15:10 | CVE-2023-0663 (lien direct) | A vulnerability was found in Calendar Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. | Vulnerability Guideline | ||
|
2023-02-03 20:15:09 | CVE-2013-10016 (lien direct) | A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. | Vulnerability Guideline | ||
|
2023-02-03 20:15:09 | CVE-2013-10015 (lien direct) | A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-03 18:15:16 | CVE-2023-0659 (lien direct) | A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. | Vulnerability Guideline | ||
 |
2023-02-03 16:53:57 | Microsoft accuses Iran\'s government of cyber operation against Charlie Hebdo (lien direct) |  Microsoft says the data breach of Charlie Hebdo was retaliation for the satire publication's call for drawings of Iran's leader, Ali Khamenei. |
Data Breach Guideline | ★ | |
 |
2023-02-03 15:08:47 | Frost & Sullivan Recognizes Check Point Software Technologies as a Leader in Innovation and R&D for Cloud Native Application Protection (lien direct) | Frost & Sullivan Recognizes Check Point Software Technologies as a Leader in Innovation and R&D for Cloud Native Application Protection Check Point CloudGuard is acknowledged for its comprehensive Cloud Native Application Protection Platform (CNAPP) solution and for its fully integrated DevOps security - MAGIC QUADRANT | Guideline | ★★ | |
 |
2023-02-03 12:56:00 | New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products (lien direct) | F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP | Vulnerability Guideline | ★★ | |
 |
2023-02-03 09:00:00 | IT Leaders Reveal Cyber Fears Around ChatGPT (lien direct) | A BlackBerry survey reveals 51% of security leaders expect ChatGPT to be at the heart of a successful cyber-attack within a year | Guideline | ChatGPT | ★★★ |
 |
2023-02-03 03:19:10 | 2022 in Review: Privacy gains footholds in the US; EU continues to lead (lien direct) | 2022 saw privacy truly take hold in the U.S., while Europe buttressed its position as the global leader and other regions worked to get up-to-speed with new or amended laws. U.S. Privacy in 2022 Laws passed in 2021 and 2022 meant many U.S. companies spent the past year preparing for new privacy requirements that came into effect on January 1st in California and Virginia, with more to come out of Colorado and Connecticut in July, and Utah on December 31st. The new laws put new categories of personal data in scope (employee and B2B in California), bring new data subject rights, and GDPR-like... | Guideline | ★★ | |
|
2023-02-03 00:15:12 | CVE-2023-0658 (lien direct) | A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. | Guideline | ||
|
2023-02-02 21:22:49 | CVE-2023-24574 (lien direct) | Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users. | Guideline | ||
 |
2023-02-02 21:11:33 | Hacking The Keys To Your Kingdom (lien direct) | >Can password managers be trusted? – Paul John Spaulding Northport, N.Y. – Feb. 2, 2023 Your passwords aren't safe. Government agencies and cybersecurity vendors recommend password managers to businesses and consumers. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) and KnowBe4, a leading security awareness | Guideline | ★★★ | |
|
2023-02-02 16:19:35 | CVE-2023-0651 (lien direct) | A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-02 15:34:00 | Cybersecurity budgets are going up. So why aren\'t breaches going down? (lien direct) | Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become | Guideline | ★★ | |
|
2023-02-02 15:17:42 | CVE-2023-0650 (lien direct) | A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-02 15:17:41 | CVE-2023-0649 (lien direct) | A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | Vulnerability Guideline | ||
|
2023-02-02 15:17:41 | CVE-2023-0648 (lien direct) | A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. | Vulnerability Guideline | ||
|
2023-02-02 15:17:40 | CVE-2023-0647 (lien direct) | A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-02-02 15:17:39 | CVE-2023-0646 (lien direct) | A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-02 15:00:00 | Managing the Governance Model for Software Development in a No-Code Ecosystem (lien direct) | Forward-leading business and technology leaders are seeing the value of the "do-It-yourself" approach. | Guideline | ★★★ | |
|
2023-02-02 14:50:00 | Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security (lien direct) | Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP, Fortinet and others have already joined the open framework initiative, which is being led by OX Security. | Guideline | ★★★★ | |
|
2023-02-02 13:15:09 | CVE-2022-46604 (lien direct) | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | Guideline | ||
|
2023-02-02 10:15:09 | CVE-2022-43665 (lien direct) | A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | Malware Vulnerability Guideline | ||
|
2023-02-02 09:15:08 | CVE-2023-0637 (lien direct) | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | Guideline | ||
|
2023-02-02 09:15:08 | CVE-2023-0641 (lien direct) | A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-02 09:15:08 | CVE-2023-0639 (lien direct) | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | Vulnerability Guideline | ||
|
2023-02-02 09:15:08 | CVE-2023-0640 (lien direct) | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | Vulnerability Guideline | ||
|
2023-02-02 09:15:08 | CVE-2023-0638 (lien direct) | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-02 08:15:07 | CVE-2022-40268 (lien direct) | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | Vulnerability Guideline | ||
 |
2023-02-02 03:50:00 | Foreign states already using ChatGPT maliciously, UK IT leaders believe (lien direct) | Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That's according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its potential to be used for malicious purposes when it comes to cybersecurity. In fact, almost half (48%) predicted that a successful cyberattack will be credited to the technology within the next 12 months. The findings follow recent research which showed how attackers can use ChatGPT to significantly enhance phishing and business email compromise (BEC) scams.To read this article in full, please click here | Guideline | ChatGPT | ★★★ |
|
2023-02-02 01:29:00 | Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility (lien direct) | Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. A | Guideline | ★★★ | |
|
2023-02-01 22:15:08 | CVE-2022-45782 (lien direct) | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. | Guideline | ||
|
2023-02-01 22:15:08 | CVE-2022-45783 (lien direct) | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | Vulnerability Guideline |
To see everything:
Our RSS (filtrered)
