Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called...
Month: September 2023
Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a...
It’s a Zero-day? It’s Malware? No! It’s Username and Password
As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive...
New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel...
Slimstat Analytics plugin for WordPress cross-site scripting | CVE-2023-4597
NAME__________Slimstat Analytics plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Slimstat Analytics plugin for WordPress 5.0.9Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Slimstat Analytics plugin for...
GitPython local file include | CVE-2023-41040
NAME__________GitPython local file includePlatforms Affected:GitPython GitPython 3.1.32Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GitPython could allow a remote attacker to include arbitrary files. A...
LibTIFF denial of service | CVE-2023-40745
NAME__________LibTIFF denial of servicePlatforms Affected:LibTIFF LibTIFF 4.5.1Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________LibTIFF is vulnerable to a denial of service, caused by...
Email Encoder Plugin for WordPress cross-site scripting | CVE-2023-4599
NAME__________Email Encoder Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Email Encoder Plugin for WordPress 2.1.7Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Email Encoder Plugin for...
Brocade Fabric OS denial of service | CVE-2023-4163
NAME__________Brocade Fabric OS denial of servicePlatforms Affected:Broadcom Brocade Fabric OSRisk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Brocade Fabric OS is vulnerable to a...
LibTIFF denial of service | CVE-2023-41175
NAME__________LibTIFF denial of servicePlatforms Affected:LibTIFF LibTIFF 4.5.1Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________LibTIFF is vulnerable to a denial of service, caused by...
Forminator Plugin for WordPress file upload | CVE-2023-4596
NAME__________Forminator Plugin for WordPress file uploadPlatforms Affected:WPMU DEV Forminator plugin for WordPress 1.24.6Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Forminator Plugin for WordPress could...
Obfuscate Email module for Drupal cross-site scripting |
NAME__________Obfuscate Email module for Drupal cross-site scriptingPlatforms Affected:Drupal Obfuscate Email module for Drupal 2.0.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Obfuscate Email module for...
Codecanyon Foodiee Online Food Ordering Web Application cross-site scripting |
NAME__________Codecanyon Foodiee Online Food Ordering Web Application cross-site scriptingPlatforms Affected:Codecanyon Foodiee - Online Food Ordering Web Application 1.0.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting...
Splunk Enterprise code execution | CVE-2023-40597
NAME__________Splunk Enterprise code executionPlatforms Affected:Splunk Splunk Enterprise 9.0.5 Splunk Splunk Enterprise 8.2.11 Splunk Splunk Enterprise 9.1.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Splunk Enterprise...
Splunk Enterprise denial of service | CVE-2023-40593
NAME__________Splunk Enterprise denial of servicePlatforms Affected:Splunk Splunk Enterprise 9.0.5 Splunk Splunk Enterprise 8.2.11 Splunk Splunk Enterprise 9.1.0Risk Level:6.3Exploitability:UnprovenConsequences:Denial of Service...
Splunk Enterprise code execution | CVE-2023-40596
NAME__________Splunk Enterprise code executionPlatforms Affected:Splunk Splunk Enterprise 9.0.5 Splunk Splunk Enterprise 8.2.11 Splunk Splunk Enterprise 9.1.0Risk Level:7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Splunk Enterprise...
Brocade Fabric OS denial of service | CVE-2023-4162
NAME__________Brocade Fabric OS denial of servicePlatforms Affected:Broadcom Brocade Fabric OSRisk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Brocade Fabric OS is vulnerable to a...
IBM Security Verify Information Queue information disclosure | CVE-2023-33834
NAME__________IBM Security Verify Information Queue information disclosurePlatforms Affected:IBM Security Verify Information Queue 10.0.4 IBM Security Verify Information Queue 10.0.5Risk Level:5.3Exploitability:UnprovenConsequences:Obtain...
Easy Address Book Web Server cross-site scripting | CVE-2023-4493
NAME__________Easy Address Book Web Server cross-site scriptingPlatforms Affected:EFS Software Easy Address Book Web Server 1.6Risk Level:6.1Exploitability:HighConsequences:Gain Access DESCRIPTION__________Easy Address Book...
Easy Address Book Web Server cross-site scripting | CVE-2023-4496
NAME__________Easy Address Book Web Server cross-site scriptingPlatforms Affected:EFS Software Easy Address Book Web Server 1.6Risk Level:6.1Exploitability:HighConsequences:Gain Access DESCRIPTION__________Easy Address Book...
neutrinolabs xrdp denial of service | CVE-2023-40184
NAME__________neutrinolabs xrdp denial of servicePlatforms Affected:neutrinolabs xrdp 0.9.22.1Risk Level:2.6Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________neutrinolabs xrdp is vulnerable to a denial of service,...
Splunk Enterprise denial of service | CVE-2023-40594
NAME__________Splunk Enterprise denial of servicePlatforms Affected:Splunk Splunk Enterprise 9.0.5 Splunk Splunk Enterprise 8.2.11 Splunk Splunk Enterprise 9.1.0Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service...
BorgBackup security bypass | CVE-2023-36811
NAME__________BorgBackup security bypassPlatforms Affected:BorgBackup BorgBackup 1.2.4Risk Level:4.7Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________BorgBackup could allow a local authenticated attacker to bypass security restrictions, caused...
Easy Address Book Web Server cross-site scripting | CVE-2023-4497
NAME__________Easy Address Book Web Server cross-site scriptingPlatforms Affected:EFS Software Easy Address Book Web Server 1.6Risk Level:6.1Exploitability:HighConsequences:Gain Access DESCRIPTION__________Easy Address Book...
