
2758 matches found

Ivanti
added 2023/10/04 4:13 p.m. · 9 views

SA-2023-08-08-CVE-2023-35083

SECURITY ADVISORY 08-08-2023. Product Affected: Ivanti Endpoint Manager. A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35083 Full details. Please log into the...

CVSS 6.5 · AI score 9.5 · EPSS 0.01091
Exploits: 0

Positive Technologies
added 2023/10/03 12:0 a.m. · 5 views

PT-2023-24025 · Nxlog · Nxlog Manager

Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633. Description: A Cross-Site Request Forgery (CSRF) issue allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. This is due to the lack o...

CVSS 6.5 · AI score 6.4 · EPSS 0.00232
Exploits: 0 · References: 5

Openbugbounty
added 2023/09/23 3:40 p.m. · 14 views

thebasementcanberra.com.au Cross Site Scripting vulnerability OBB-3704338

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Openbugbounty
added 2023/09/21 4:56 a.m. · 13 views

gucce.com.au Cross Site Scripting vulnerability OBB-3701284

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Openbugbounty
added 2023/09/17 9:50 a.m. · 11 views

c-mirai.org Cross Site Scripting vulnerability OBB-3689851

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Openbugbounty
added 2023/09/15 7:38 p.m. · 8 views

aristocratflower.ru Cross Site Scripting vulnerability OBB-3683716

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Openbugbounty
added 2023/09/13 10:21 p.m. · 14 views

winkelled.com Cross Site Scripting vulnerability OBB-3678078

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Malwarebytes
added 2023/09/11 2:0 a.m. · 11 views

The main causes of ransomware reinfection

A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first time victim. Unfortunately it happens more often than you may think. Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim ...

AI score 6.9
Exploits: 0

Positive Technologies
added 2023/09/11 12:0 a.m. · 4 views

PT-2023-26657 · Decode · Openstamanager

Name of the Vulnerable Software and Affected Versions: DevCode OpenSTAManager versions 2.4.24 through 2.4.47. Description: A reflected cross-site scripting (XSS) vulnerability may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload...

CVSS 6.1 · AI score 6 · EPSS 0.00607
Exploits: 1 · References: 9

Openbugbounty
added 2023/08/30 8:16 p.m. · 9 views

knitterchat.com Cross Site Scripting vulnerability OBB-3627592

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Positive Technologies
added 2023/08/28 12:0 a.m. · 6 views

PT-2023-26615 · Netis Systems · Netis Systems Wf2409E

Name of the Vulnerable Software and Affected Versions: NETIS SYSTEMS WF2409E version 3.6.42541. Description: An issue in the diagnostic tools component of the admin management interface allows a remote attacker to execute arbitrary code via the ping and traceroute functions. Recommendations: For...

CVSS 8.8 · AI score 8.8 · EPSS 0.02005
Exploits: 1 · References: 5

Positive Technologies
added 2023/08/24 12:0 a.m. · 3 views

PT-2023-27688 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn. Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetStaticRouteCfg" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...

CVSS 9.8 · AI score 9.4 · EPSS 0.00701
Exploits: 1 · References: 4

Positive Technologies
added 2023/08/23 12:0 a.m. · 4 views

PT-2023-4809 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.9; XWiki Platform versions prior to 15.4RC1. Description: The create action in XWiki Platform is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with...

CVSS 10 · AI score 8.1 · EPSS 0.00545
Exploits: 1 · References: 12

SUSE CVE
added 2023/08/12 2:10 a.m. · 2 views

SUSE CVE-2023-39953

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

CVSS 4.8 · AI score 6.8 · EPSS 0.00446
Exploits: 0 · References: 3

Malwarebytes
added 2023/08/09 2:0 a.m. · 30 views

Cloudflare Tunnel increasingly abused by cybercriminals

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected. Cloudflare Tunnel, also known by its executable name, Cloudflared,...

AI score 7.3
Exploits: 0

Vulnrichment
added 2023/08/08 6:31 p.m. · 11 views

CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

CVSS 5.4 · AI score 6 · EPSS 0.00407
Exploits: 0 · References: 3

Positive Technologies
added 2023/08/08 12:0 a.m. · 4 views

PT-2023-26601 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0. Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0,...

CVSS 7.5 · AI score 7.7 · EPSS 0.0071
Exploits: 0 · References: 9

Positive Technologies
added 2023/08/08 12:0 a.m. · 6 views

PT-2023-26078 · Unknown · Maid Hiring Management System

Name of the Vulnerable Software and Affected Versions: Maid Hiring Management System version 1.0. Description: The issue is related to a SQL injection vulnerability found in the Search Maid page. This vulnerability could potentially allow unauthorized access to sensitive data. Recommendations: For...

CVSS 4.8 · AI score 5.2 · EPSS 0.00473
Exploits: 1 · References: 6

OSV
added 2023/08/04 5:25 p.m. · 25 views

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

CVSS 6.5 · AI score 6.3 · EPSS 0.00795
Exploits: 1 · References: 6

Positive Technologies
added 2023/08/03 12:0 a.m. · 3 views

PT-2023-5758 · Unknown · Connected Io

Name of the Vulnerable Software and Affected Versions: Connected IO versions 2.1.0 and prior. Description: The issue is related to an argument injection vulnerability in the iptables command message of the communication protocol. This vulnerability enables attackers to execute arbitrary OS command...

CVSS 9.8 · AI score 9.6 · EPSS 0.00819
Exploits: 0 · References: 7