MG Strategy+

Cybersecurity Data Services

 
Category : MGS+ Partners

MGS+ Intelligence Platform – Version 2.0 Release

  MGS+ Intelligence Platform – Cyber Security Data Services Version 2.0 Released November 17 2017   About Platform   Platform […]


001 MGS Alerts Advisories

  • CVE-2023-41911
    Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). ... read more
  • CVE-2023-44173
    Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. ... read more
  • CVE-2023-43226
    An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. ... read more
  • CVE-2023-43323
    mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. The parameters affected are multiple - ... read more
  • CVE-2023-5004
    Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQLI. ... read more
  • CVE-2023-43657 | discourse-encrypt on Discourse Topic Title cross site scripting (GHSA-5fh6-wp7p-xx7v)
    A vulnerability classified as problematic has been found in discourse-encrypt on Discourse. This affects an unknown part of the component Topic Title Handler. The manipulation leads to cross site scripting. ... read more
  • CVE-2023-43664 | PrestaShop up to 8.1.1 ajaxProcessGetPossibleHookingListForModule privileges management (GHSA-gvrg-62jp-rf7j)
    A vulnerability was found in PrestaShop up to 8.1.1. It has been classified as problematic. Affected is the function ajaxProcessGetPossibleHookingListForModule. The manipulation leads to improper privilege management. This vulnerability is ... read more
  • CVE-2023-43323 | mooSocial 3.1.8 DNS Request Privilege Escalation
    A vulnerability was found in mooSocial 3.1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component DNS Request Handler. The manipulation of ... read more
  • CVE-2021-33638 | iSula cp Command access control
    A vulnerability was found in iSula and classified as very critical. Affected by this issue is some unknown functionality of the component cp Command Handler. The manipulation leads to improper ... read more
  • CVE-2021-33637 | iSula Export Command access control
    A vulnerability has been found in iSula and classified as very critical. Affected by this vulnerability is an unknown functionality of the component Export Command Handler. The manipulation leads to ... read more
  • CVE-2021-33636 | iSula Load Command Local Privilege Escalation
    A vulnerability, which was classified as critical, was found in iSula. Affected is an unknown function of the component Load Command Handler. The manipulation leads to Local Privilege Escalation. This ... read more
  • CVE-2021-33635 | iSula Image Pull Remote Code Execution
    A vulnerability, which was classified as very critical, has been found in iSula. This issue affects some unknown processing of the component Image Pull Handler. The manipulation leads to Remote ... read more
  • CVE-2021-33634 | iSula Image denial of service
    A vulnerability classified as problematic was found in iSula. This vulnerability affects unknown code of the component Image Handler. The manipulation leads to denial of service. This vulnerability was named ... read more
  • CVE-2023-43226 | DedeCMS up to 5.7.111 dede/baidunews.php unrestricted upload
    A vulnerability was found in DedeCMS up to 5.7.111. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dede/baidunews.php. The manipulation leads ... read more
  • CVE-2023-4021 | Modern Events Calendar Lite Plugin up to 7.0.x on WordPress cross site scripting
    A vulnerability was found in Modern Events Calendar Lite Plugin up to 7.0.x on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to ... read more
  • [Control systems] Rockwell automation security advisory (AV23-590)
    ... read more
  • CVE-2023-5186
    Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption ... read more
  • CVE-2023-39195
    ** REJECT ** CVE-2023-39195 was found to be a duplicate of CVE-2023-42755. Please see https://access.redhat.com/security/cve/CVE-2023-42755 for more information. ... read more
  • CVE-2023-30415
    Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. ... read more
  • CVE-2023-5187
    Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a ... read more
  • CVE-2023-5217
    Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML ... read more
  • CVE-2023-43884 | Subrion 4.2.1 Reference ID cross site scripting
    A vulnerability classified as problematic was found in Subrion 4.2.1. It affects an unknown function. The manipulation of the parameter Reference ID with an unknown input leads to a vulnerability ... read more
  • CVE-2023-43878 | Rite CMS 3.0 Administration Menu cross site scripting
    A vulnerability classified as problematic was found in Rite CMS 3.0. Affected is an unknown function of the component Administration Menu. Through the manipulation of an unknown input ... read more
  • CVE-2023-5186 | Google Chrome prior to 117.0.5938.132 UI buffer overflow
    A vulnerability classified as critical was found in Google Chrome. It affects an unknown function of the component UI Handler. Through the manipulation of an unknown input by means of a ... read more
  • CVE-2023-43876 | October 3.4.16 Installation dbhost cross site scripting
    A vulnerability classified as problematic was found in October 3.4.16. Affected is an unknown function of the component Installation. Due to the manipulation of the parameter dbhost of an ... read more
  • CVE-2023-43879 | Rite CMS 3.0 Administration Menu cross site scripting
    A vulnerability classified as problematic was found in Rite CMS 3.0. This vulnerability affects an unknown function of the component Administration Menu. Through the manipulation of ... read more
  • CVE-2023-30415 | Sourcecodester Packers and Movers Management System 1.0 view_inquiry.php id sql injection (ID 174758)
    A vulnerability classified as critical was found in Sourcecodester Packers and Movers Management System 1.0. Affected is an unknown function of the file /inquiries/view_inquiry.php. By influencing the parameter id ... read more
  • CVE-2023-5217 | Google Chrome prior to 117.0.5938.132 libvpx buffer overflow
    A vulnerability classified as critical was found in Google Chrome. This vulnerability affects an unknown function of the component libvpx. Due to the manipulation of an unknown input ... read more
  • CVE-2023-5187 | Google Chrome prior to 117.0.5938.132 Extensions buffer overflow
    A vulnerability classified as critical was found in Google Chrome. Affected is an unknown function of the component Extensions. The manipulation of an unknown input results in a vulnerability ... read more
  • CVE-2023-43867 | D-Link DIR-619L B1 2.02 formSetWanL2TP buffer overflow
    A vulnerability classified as critical was found in D-Link DIR-619L B1 2.02. This vulnerability affects the function formSetWanL2TP. By influencing an unknown input ... read more
  • CVE-2023-43868 | D-Link DIR-619L B1 2.02 websGetVar buffer overflow
    A vulnerability classified as critical was found in D-Link DIR-619L B1 2.02. Affected is the function websGetVar. The manipulation of an unknown input leads to a vulnerability ... read more
  • Mozilla security advisory (AV23-587)
    ... read more
  • CVE-2023-43192 | jfinal_cms sql injection
    A vulnerability classified as critical was found in jfinal_cms. Affected is an unknown function. The manipulation of an unknown input leads to a vulnerability of class ... read more
  • Cloudflare is a Teenager: A Security Company? A Network? A CDN? No! A Connectivity Cloud
    We have been very successful with our spin-out companies. Overall, as a company grows, it will typically reflect the beliefs of its founders, and so any new startup needs to ... read more
  • CVE-2023-43656 | matrix-hookshot up to 4.4.x generic.allowJsTransformationFunctions privilege escalation (GHSA-fr97-pv6w-4cj6)
    A vulnerability was discovered in matrix-hookshot up to 4.4.x. It has been classified as problematic. This concerns the function generic.allowJsTransformationFunctions. Through manipulation with unknown data, a privilege escalation vulnerability can be exploited ... read more
  • CVE-2023-43314 | ZyXEL PMG2005-T20B cgi-bin/login.asp uid buffer overflow
    A vulnerability was found in ZyXEL PMG2005-T20B. It has been classified as critical. This concerns an unknown function of the file cgi-bin/login.asp. By manipulating the argument uid with ... read more
  • CVE-2023-43320 | Proxmox Backup Server/Mail Gateway Two-factor Authentication weak authentication
    A vulnerability was found in Proxmox Backup Server and Mail Gateway. It has been classified as critical. This concerns an unknown function of the component Two-factor Authentication. Through ... read more
  • CVE-2023-43660 | Warpgate up to 0.8.0 SSH Key weak authentication (GHSA-3cjp-w4cp-m9c8)
    A vulnerability was found in Warpgate up to 0.8.0. It has been classified as critical. This concerns an unknown function of the component SSH Key Handler. By means of ... read more
  • CVE-2023-42222 | WebCatalog up to 48.x URL shell.openExternal privilege escalation
    A vulnerability was identified in WebCatalog up to 48.x. It has been classified as critical. It affects the function shell.openExternal of the component URL Handler. Through manipulation with unknown data, a ... read more
  • NA – CVE-2023-33972 – Scylladb is a NoSQL data store using the…
    Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to ... read more
  • NA – CVE-2023-40434 – A configuration issue was addressed with…
    A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's ... read more
  • CVE-2023-42822 | xrdp up to 0.9.23.0 xrdp_painter.c out-of-bounds (GHSA-2hjx-rm4f-r9hw)
    A vulnerability was found in xrdp up to 0.9.23.0. It has been declared as problematic. This vulnerability affects unknown code of the file xrdp_painter.c. The manipulation leads to out-of-bounds read. ... read more
  • CVE-2023-43650 | JumpServer prior 2.28.20/3.7.1 password recovery (GHSA-mwx4-8fwc-2xvw)
    A vulnerability classified as critical has been found in JumpServer. Affected is an unknown function. The manipulation leads to weak password recovery. This vulnerability is traded as CVE-2023-43650. It is ... read more
  • CVE-2023-43652 | JumpServer up to 2.28.19/3.7.0 KoKo authorization (GHSA-fr8h-xh5x-r8g9)
    A vulnerability classified as critical was found in JumpServer up to 2.28.19/3.7.0. Affected by this vulnerability is an unknown functionality of the component KoKo. The manipulation leads to missing authorization. ... read more
  • CVE-2023-5184 | zephyrproject-rtos Zephyr IPM Driver signed to unsigned conversion error (GHSA-8x3p-q3r5-xh9g)
    A vulnerability, which was classified as problematic, has been found in zephyrproject-rtos Zephyr. Affected by this issue is some unknown functionality of the component IPM Driver. The manipulation leads to ... read more
  • CVE-2023-33972 | Scylladb privileges management (GHSA-ww5v-p45p-3vhq)
    A vulnerability was found in Scylladb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper privilege management. The identification of this vulnerability ... read more
  • CVE-2023-40475 | GStreamer MXF File Parser integer overflow (ZDI-23-1457)
    A vulnerability was found in GStreamer. It has been classified as critical. Affected is an unknown function of the component MXF File Parser. The manipulation leads to integer overflow. This ... read more
  • CVE-2023-40476 | GStreamer Parsing stack-based overflow (ZDI-23-1458)
    A vulnerability was found in GStreamer and classified as critical. This issue affects some unknown processing of the component Parsing. The manipulation leads to stack-based buffer overflow. The identification of ... read more
  • CVE-2023-40474 | GStreamer MXF File Parser integer overflow (ZDI-23-1456)
    A vulnerability has been found in GStreamer and classified as critical. This vulnerability affects unknown code of the component MXF File Parser. The manipulation leads to integer overflow. This vulnerability ... read more
  • CVE-2023-43040 | Ceph RGW Bucket rgw_rest_s3.cc get_params access control
    A vulnerability, which was classified as critical, was found in Ceph RGW. This affects the function RGWPostObj_ObjStore_S3::get_params of the file rgw_rest_s3.cc of the component Bucket Handler. The manipulation leads to ... read more

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Friday, September 29, 2023
