#auth

CVE-2023-45585: Fortiguard

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

1 year ago

CVE

Open in Source

#vulnerability #auth

CVE-2023-26205: Fortiguard

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

1 year ago

CVE

Open in Source

#vulnerability #auth

CVE-2023-34991: Fortiguard

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.

1 year ago

CVE

Open in Source

#sql #vulnerability #auth

CVE-2023-36028

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

1 year ago

CVE

Open in Source

#vulnerability #microsoft #rce #auth

CVE-2023-47660: WordPress Product Visibility by Country for WooCommerce plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #wordpress #auth

CVE-2023-47659: WordPress Lava Directory Manager plugin <= 1.1.34 - Contributor+ stored Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #wordpress #auth

Asian Americans Raise Alarm Over ‘Chilling Effects’ of Section 702 Surveillance Program

More than 60 groups advocating for Asian American and Pacific Islander communities are pushing the US Congress to reform the Section 702 surveillance program as Senate leaders move to renew it.

1 year ago

Wired

Open in Source

#intel #auth

Pro-Palestinian TA402 APT Using IronWind Malware in New Attack

By Deeba Ahmed As per cybersecurity researchers at Proofpoint, the APT group TA402 operates in support of Palestinian espionage objectives, with a primary focus on intelligence collection. This is a post from HackRead.com Read the original post: Pro-Palestinian TA402 APT Using IronWind Malware in New Attack

1 year ago

HackRead

Open in Source

#mac #google #microsoft #intel #backdoor #auth

CVE-2023-6126: HTML injection in Tittle in suitecrm

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

1 year ago

CVE

Open in Source

#vulnerability #git #auth

CVE-2023-47262: Product Advisories

In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port.