CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 15, 2023. These...
Month: August 2023
CISA: CISA Releases Twelve Industrial Control Systems Advisories
CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...
CISA: CISA Releases Three Industrial Control Systems Advisories
CISA Releases Three Industrial Control Systems Advisories CISA released three Industrial Control Systems (ICS) advisories on August 17, 2023. These...
CISA: Atlassian Releases Security Update for Confluence Server and Data Center
Atlassian Releases Security Update for Confluence Server and Data Center Atlassian has released its security bulletin for August 2023 to...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
CISA: Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS
Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS Juniper has released a security advisory to address vulnerabilities in...
CISA: Cisco Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A cyber...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
Xsubfind3R – A CLI Utility To Find Domain’S Known Subdomains From Curated Passive Online Sources
xsubfind3r is a command-line interface (CLI) utility to find domain's known subdomains from curated passive online sources. Features Fetches domains...
New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now
Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of...
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according...
WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct...
phpRecDB cross-site scripting | CVE-2023-4371
NAME__________phpRecDB cross-site scriptingPlatforms Affected:phpRecDB phpRecDB 1.3.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________phpRecDB is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Dell BIOS security bypass | CVE-2023-32453
NAME__________Dell BIOS security bypassPlatforms Affected:Dell BIOSRisk Level:4.6Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Dell BIOS could allow a physically proximate authenticated attacker to bypass security...
MOXA TN-4900 Series and TN-5900 Series routers code execution | CVE-2023-34214
NAME__________MOXA TN-4900 Series and TN-5900 Series routers code executionPlatforms Affected:MOXA TN-5900 Series 3.3 MOXA TN-4900 Series 1.2.4Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________MOXA...
MOXA TN-4900 Series and TN-5900 Series routers code execution | CVE-2023-33238
NAME__________MOXA TN-4900 Series and TN-5900 Series routers code executionPlatforms Affected:MOXA TN-5900 Series 3.3 MOXA TN-4900 Series 1.2.4Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________MOXA...
Cisco P Phone 6800, 7800, and 8800 Series cross-site request forgery | CVE-2023-20237
NAME__________Cisco P Phone 6800, 7800, and 8800 Series cross-site request forgeryPlatforms Affected:Cisco IP Phone 6800 Series Phones with Multiplatform Firmware...
SchoolMate SQL injection | CVE-2023-39850
NAME__________SchoolMate SQL injectionPlatforms Affected:SchoolMate SchoolMate 1.3Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________SchoolMate is vulnerable to SQL injection. A remote attacker could send specially...
WebChess SQL injection | CVE-2023-39851
NAME__________WebChess SQL injectionPlatforms Affected:WebChess WebChess 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________WebChess is vulnerable to SQL injection. A remote attacker could send specially...
Parsec Loader privilege escalation | US-CERT VU#287122
NAME__________Parsec Loader privilege escalationPlatforms Affected:Parsec Parsec Loader 7Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Parsec Loader could allow a local authenticated attacker to gain...
Control iD Gerencia Web information disclosure | CVE-2023-4392
NAME__________Control iD Gerencia Web information disclosurePlatforms Affected:Control iD Gerencia Web 1.30Risk Level:3.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Control iD Gerencia Web could allow a...
tdevs Hyip Rio cross-site scripting | CVE-2023-4382
NAME__________tdevs Hyip Rio cross-site scriptingPlatforms Affected:tdevs Hyip Rio 2.1Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________tdevs Hyip Rio is vulnerable to cross-site scripting, caused...
Microsoft Edge (Chromium-based) information disclosure | CVE-2023-38158
NAME__________Microsoft Edge (Chromium-based) information disclosurePlatforms Affected:Microsoft Edge (Chromium-based)Risk Level:3.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Microsoft Edge (Chromium-based) could allow a remote attacker to obtain...
Doctor Appointment System SQL injection | CVE-2023-39852
NAME__________Doctor Appointment System SQL injectionPlatforms Affected:Sourcecodester Doctor Appointment System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Doctor Appointment System is vulnerable to SQL injection....
