What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
CVE 2023-02-20 17:15:11 CVE-2015-10081 (direct link) A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495. Vulnerability Guideline
CVE 2023-02-20 17:15:11 CVE-2016-15027 (direct link) A vulnerability was found in meta4creations Post Duplicator Plugin 2.18. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496. Vulnerability Guideline
CVE 2023-02-20 17:15:11 CVE-2021-32847 (direct link) HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f. Vulnerability Guideline
CVE 2023-02-20 11:15:12 CVE-2016-15026 (direct link) A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-20 10:15:12 CVE-2016-15025 (direct link) A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484. Vulnerability Guideline
CVE 2023-02-20 10:15:12 CVE-2015-10080 (direct link) A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487. Vulnerability Guideline
CVE 2023-02-20 08:15:10 CVE-2014-125088 (direct link) A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488. Vulnerability Guideline
globalsecuritymag 2023-02-20 07:48:56 February 27 to March 4, 2023: SANS Institute to Enhance Regional Security Awareness with SANS Dubai February 2023 (direct link) The world-leading cybersecurity training provider will also be present at the Gartner Security & Risk Management Summit in Dubai from 27-28 February 2023 - EVENTS Guideline ★★
CVE 2023-02-20 07:15:22 CVE-2013-10019 (direct link) A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-20 07:15:21 CVE-2012-10008 (direct link) A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483. Vulnerability Guideline
CVE 2023-02-19 18:15:10 CVE-2016-15024 (direct link) A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-19 17:15:11 CVE-2014-125087 (direct link) A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480. Vulnerability Guideline
CVE 2023-02-19 16:15:16 CVE-2012-10007 (direct link) A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479. Vulnerability Guideline
CVE 2023-02-19 09:15:11 CVE-2023-0918 (direct link) A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-19 09:15:11 CVE-2023-0917 (direct link) A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability. Guideline
CVE 2023-02-19 09:15:11 CVE-2023-0916 (direct link) A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. Vulnerability Guideline
CVE 2023-02-19 09:15:10 CVE-2023-0915 (direct link) A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-18 20:15:11 CVE-2023-0913 (direct link) A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-18 20:15:11 CVE-2023-0912 (direct link) A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-18 09:15:10 CVE-2023-0910 (direct link) A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_prod.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-221476. Vulnerability Guideline
CVE 2023-02-18 09:15:10 CVE-2023-0909 (direct link) A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475. Vulnerability Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0906 (direct link) A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. Vulnerability Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0903 (direct link) A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. Vulnerability Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0908 (direct link) A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability. Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0905 (direct link) A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0902 (direct link) A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. Vulnerability Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0904 (direct link) A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-18 08:15:42 CVE-2023-0907 (direct link) A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456. Vulnerability Guideline
CVE 2023-02-17 23:15:12 CVE-2021-32846 (direct link) HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to uninitialized memory use. In this situation, there is a check for the return value to be less than or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba. Guideline
CVE 2023-02-17 23:15:11 CVE-2021-32843 (direct link) HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has a call to `vc_cfgread` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. Guideline
CVE 2023-02-17 23:15:11 CVE-2021-32844 (direct link) HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `vi_pci_write` has a call to `vc_cfgwrite` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13. Guideline
CVE 2023-02-17 23:15:11 CVE-2021-32845 (direct link) HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948. Guideline
DarkReading 2023-02-17 23:05:00 Is OWASP at Risk of Irrelevance? (direct link) A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development. Guideline ★★
CVE 2023-02-17 22:15:13 CVE-2023-22231 (direct link) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 22:15:13 CVE-2023-22233 (direct link) After Effects versions 23.1 (and earlier) and 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 22:15:12 CVE-2023-21584 (direct link) FrameMaker 2020 Update 4 (and earlier) and 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 22:15:12 CVE-2023-21620 (direct link) FrameMaker 2020 Update 4 (and earlier) and 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 22:15:12 CVE-2023-21577 (direct link) Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 22:15:12 CVE-2023-21583 (direct link) Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 22:15:12 CVE-2023-21578 (direct link) Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE 2023-02-17 19:15:11 CVE-2022-43579 (direct link) IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. Vulnerability Guideline
CVE 2023-02-17 17:15:11 CVE-2023-22868 (direct link) IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. Vulnerability Guideline
CVE 2023-02-17 15:15:12 CVE-2023-23899 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in the HasThemes Extensions For CF7 plugin. Vulnerability Guideline
The_Hackers_News 2023-02-17 11:16:00 Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (direct link) Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and Vulnerability Guideline ★★★★
CVE 2023-02-17 09:15:15 CVE-2023-0887 (direct link) A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351. Vulnerability Guideline
CVE 2023-02-17 09:15:14 CVE-2023-0883 (direct link) A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2023-02-16 15:15:18 CVE-2023-22580 (direct link) Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. Guideline
CVE 2023-02-16 10:15:11 CVE-2023-0862 (direct link) The NetModule NSRW web administration interface is vulnerable to path traversal, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101. Guideline
globalsecuritymag 2023-02-16 09:14:09 Mike Sentonas promoted to President of CrowdStrike (direct link) Under Mike Sentonas's leadership, the cybersecurity leader is bringing together its market development and product functions and entrusting him with steering its next chapter of growth. - Business Guideline
globalsecuritymag 2023-02-16 09:11:43 Dr. Cindy Vestergaard is RKVST's new vice president special projects and external relations (direct link) Nuclear sector and global security blockchain expert joins leader in trustworthy digital archives and supply chain integrity, transparency and trust - Business News Guideline ★★
Last update at: 2024-05-14 15:08:19