PT-2023-9274 · Superagi · Superagi
Name of the Vulnerable Software and Affected Versions: SuperAGI versions all Description: The issue is related to the incorrect management of code generation in the eval function of the SuperAGI framework, which can be exploited by a remote attacker to execute arbitrary code and gain full control...
Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial...
PT-2023-30703 · Smartertools · Smartermail
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions 8495 through 8664 Description: The issue allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows...
Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023
It seems like it was just yesterday that we were in Las Vegas for AWS Re:Invent, but it’s already been almost two weeks since the conference wrapped up. As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligenc...
Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2023-99993)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A security vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to potentially cause arbitrary code to be executed in the current user's context...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0118434)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2023-49739
Vulnerability in IdeaBox Creations PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23...
RCE (Remote Code Execution) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server
This High severity org.jvnet.hudson:xstream Dependency vulnerability was introduced in version 9.2.1 of Bamboo Data Center and Server. This org.jvnet.hudson:xstream Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...
DoS (Denial of Service) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server
This High severity org.jvnet.hudson:xstream Dependency vulnerability was introduced in version 9.2.1 of Bamboo Data Center and Server. This org.jvnet.hudson:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
CVE-2023-49739
PowerPack Pro for Elementor (WordPress plugin) has a reflected Cross-Site Scripting (XSS) vulnerability affecting versions
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders
The Iranian state-sponsored threat actor known as OilRig deployed three different malware downloaders throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...
DoS (Denial of Service) org.json:json Dependency in Bamboo Data Center and Server
This High severity org.json:json Dependency vulnerability was introduced in versions 9.2.3, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center and Server
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
PT-2023-31316 · [Vendor] · [Product]
Name of the Vulnerable Software and Affected Versions: PRODUCT version VERSION Description: A problem in COMPONENT of VENDOR PRODUCT on PLATFORMS allows ATTACKER to IMPACT via VECTOR. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
The vulnerability in the firmware of the FXC AE1021 and FXC AE1021PE routers lies in the failure to take measures to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of the FXC AE1021 and FXC AE1021PE routing devices lies in the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CLSA-2023-1702495193 openssl: Fix of CVE-2023-5363
CVE-2023-5363: evp: process key length and iv length early if present...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox that stem...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An attacker with access to the backoffice can upload malicious SVG files containing scripts, which may be executed if another user is tricked into loadi...
python-certifi: Removal of e-Tugra root certificate
A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...