748 matches found
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.24 and earlier versions,...
ROS-20231115-04
Visual Studio Code source code editor vulnerability related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...
CVE-2023-29043
CVE-2023-29043 describes a vulnerability where presentations may contain references to images that are user-controlled, allowing script code to be processed during document editing. The encoding of the relevant attribute is intended to avoid script execution. Concrete details from connected docs ...
The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to carry out spoofing attacks.
The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability of the Microsoft OneNote note-taking software, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft OneNote note-taking software relates to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of Microsoft SharePoint Server’s software packages, related to errors in information presentation on the user interface, allows attackers to perform spoofing attacks.
The vulnerability of Microsoft SharePoint Server packages is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
The vulnerability of the Microsoft .NET Framework software, related to errors in user interface information representation, allows attackers to perform spear-phishing attacks.
Vulnerability of the Microsoft .NET Framework software platform, related to errors in user interface information presentation. Exploitation of this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of Microsoft SharePoint Server’s software packages, related to errors in information presentation on the user interface, allows attackers to perform spoofing attacks.
The vulnerability of Microsoft SharePoint Server packages is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
The vulnerability of the Microsoft Outlook email client, related to errors in information presentation by the user interface, allows a hacker to perform a spoofing attack.
The vulnerability of the Microsoft Outlook email client is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
Blind SSRF When Uploading Presentation (mitigation bypass)
Description: This is actually a bypass of CVE-2023-33176 where I am able to perform SSRF to the internal network. Proof of Concept: As we already know, we can upload files via the API /bigbluebutton/api/insertDocument using a remote URL. PresentationUrlDownloadService.savePresentation is the method to handle th...
How To Present SecOps Metrics (The Right Way)
SecOps metrics can be a gold mine of potential for informing better business decisions, but 78% of CEOs say they don’t have adequate data on risk exposure to make good decisions. Even when they do see the right data, 82% are inclined to “trust their gut” anyway. Here lies the disconnect between...
The vulnerability of the Microsoft OneNote note-taking software, related to errors in information presentation on the user interface, allows a hacker to perform spoofing attacks.
The vulnerability of the Microsoft OneNote note-taking software relates to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
[Lost Bots] S03 E04 A Security Leader’s Playbook for the C-suite
In a special two-part “Lost Bots,” hosts Jeffrey Gardner and Stephen Davis talk about presenting cybersecurity results up the org chart. Both have handled...
CVE-2023-33176 Blind SSRF When Uploading Presentation in BigBlueButton
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an insertDocument API request the user is able to supply a URL from which the presentation should be...
CVE-2023-33176
BigBlueButton (BBB) SSRF vulnerability (CVE-2023-33176) enables server-side request forgery via the insertDocument URL for presentation downloads. The public descriptions describe that the URL supplied could be used without proper validation, leading to SSRF. A patch updated PresentationUrlDownlo...
PT-2023-24192 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton (affected versions not specified). Description: BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions, a Server-Side Request Forgery (SSRF) vulnerability exists. Th...
The vulnerability of the Microsoft Dynamics 365 for Finance and Operations resource planning software, related to errors in the user interface’s information presentation, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Dynamics 365 for Finance and Operations resource planning software is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of the Azure DevOps Server software, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Azure DevOps Server software relates to errors in information presentation by the user interface. Exploiting this vulnerability could allow a malicious actor to perform spear-phishing attacks remotely...