MG Strategy+

Cybersecurity Data Services

 
Tag: MITRE BLAISE

MITRE: Effective Regional Cyber Threat Information Sharing – Cyber Prep and BLAISE

  Cyber threat information sharing exchanges have traditionally formed within the context of industry sectors, either as direct peer-to-peer exchanges […]


001 MGS Alerts Advisories

  • CVE-2015-9343 | wp-rollback Plugin up to 1.2.2 on WordPress cross-site request forgery
    A vulnerability was found in wp-rollback Plugin up to 1.2.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to ... read more
  • CVE-2015-9342 | wp-rollback Plugin up to 1.2.2 on WordPress cross site scripting
    A vulnerability was found in wp-rollback Plugin up to 1.2.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. ... read more
  • CVE-2019-15564 | Compassion Switzerland Addons 10.01.4 on Odoo partner_compassion.py sql injection
    A vulnerability was found in Compassion Switzerland Addons 10.01.4 on Odoo. It has been declared as critical. This vulnerability affects unknown code of the file models/partner_compassion.py. The manipulation leads to ... read more
  • CVE-2019-15568 | idseq-web tax_levels sql injection
    A vulnerability, which was classified as critical, has been found in idseq-web. Affected by this issue is some unknown functionality. The manipulation of the argument tax_levels leads to sql injection. ... read more
  • CVE-2019-15569 | HM Courts & Tribunals ccd-data-store-api SearchQueryFactoryOperation.java sql injection
    A vulnerability, which was classified as critical, was found in HM Courts & Tribunals ccd-data-store-api. This affects an unknown part of the file SearchQueryFactoryOperation.java. The manipulation leads to sql injection. ... read more
  • CVE-2019-15567 | OpenForis Arena Sort sql injection
    A vulnerability classified as critical was found in OpenForis Arena. Affected by this vulnerability is an unknown functionality of the component Sort Handler. The manipulation leads to sql injection. This ... read more
  • CVE-2019-15566 | Alfresco App up to 1.8.6 on Android HistorySearchProvider.java sql injection
    A vulnerability classified as critical has been found in Alfresco App up to 1.8.6 on Android. Affected is an unknown function of the file HistorySearchProvider.java. The manipulation leads to sql ... read more
  • CVE-2019-15565 | ICOMMKT Connector up to 1.0.6 on PrestaShop icommktconnector.php sql injection
    A vulnerability was found in ICOMMKT Connector up to 1.0.6 on PrestaShop. It has been rated as critical. This issue affects some unknown processing of the file icommktconnector.php. The manipulation ... read more
  • CVE-2019-15563 | OHDSI WebAPI up to 2.7.1 FeatureExtractionService.java sql injection
    A vulnerability was found in OHDSI WebAPI up to 2.7.1. It has been classified as critical. This affects an unknown part of the file FeatureExtractionService.java. The manipulation leads to sql ... read more
  • CVE-2023-42686 | Unisoc S8000 Wifi Service privilege escalation
    A critical vulnerability was identified in Unisoc SC7731E, SC9832E, SC9863A, T310, T606, T612, T616, T610, T618, T760, T770, T820 and S8000. It concerns an unspecified function ... read more
  • When Bob and Alice Have a Secret … They Can Generate Another Secret: Meet J-PAKE
    J-PAKE (Password Authenticated Key Exchange by Juggling) was created by Hao and Ryan [1] and fully defined in ... read more
  • 91.09373
    Modified (7): Android/Agent.LWO!tr, Android/Agent.LXD!tr, Android/Agent.LXN!tr, Android/Banker.CCC!tr.spy, Android/Banker.CEI!tr.spy, Android/Hiddad.BAX!tr, Android/SpinOk.H!tr.spy ... read more
  • 91.09374
    Modified (10): Adware/Fyben!Android, Adware/KreditSpy!Android, Adware/MobiDash!Android, Adware/MyAd!Android, Adware/SpyLoan!Android, Android/Banker.BWO!tr.spy, Android/Banker.CBV!tr.spy, Android/Banker.CEI!tr.spy, Android/FakeApp.TB!tr, Riskware/Application!Android ... read more
  • 91.09375
    Modified (2): Adware/Banker!Android, Android/Agent.AMU!tr.dldr ... read more
  • Secure Remote Password 6a (SRP6a)
    The storing of passwords is an obvious attack point on any system. The method to store these, such as with a hash of the password, is often open to dictionary ... read more
  • CVE-2023-3246 | GitLab Enterprise Edition prior 16.3.6/16.4.2/16.5.1 resource consumption (Issue 41537)
    A vulnerability was found in GitLab Enterprise Edition. It has been classified as problematic. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified ... read more
  • CVE-2023-47186 | Kadence WP Kadence WooCommerce Email Designer Plugin up to 1.5.11 on WordPress cross-site request forgery
    A vulnerability was found in Kadence WP Kadence WooCommerce Email Designer Plugin up to 1.5.11 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation ... read more
  • CVE-2023-5963 | GitLab Enterprise Edition prior 16.3.6/16.4.2/16.5.1 Advanced Search denial of service (Issue 42346)
    A vulnerability was found in GitLab Enterprise Edition. It has been rated as problematic. This issue affects some unknown processing of the component Advanced Search. The manipulation leads to denial ... read more
  • Can I Recover A Message From My Signature?
    Wouldn’t it be amazing if I could sign my name on a message, and where my signature contains the details of the message? Someone could then examine my signature and ... read more
  • Chrome Dev for Desktop Update
    The Dev channel has been updated to 121.0.6156.3 for Windows, Mac and Linux. A partial list of changes is available in the Git log. Interested in switching release channels? Find out ... read more
  • attack surface
  • 7 key OT security best practices
  • NA – CVE-2023-6461 – Cross-site Scripting (XSS) – Reflected in…
    Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. ... read more
  • NA – CVE-2023-28895 – The password for access to the debugging…
    The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access ... read more
  • NA – CVE-2023-6449 – The Contact Form 7 plugin for WordPress is…
    The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the ... read more
  • NA – CVE-2023-28896 – Access to critical Unified Diagnostics Services…
    Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily ... read more
  • Critical – CVE-2023-5634 – Improper Neutralization of Special Elements…
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: ... read more
  • High – CVE-2023-5635 – Improper Protection for Outbound Error Messages…
    Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1. ... read more
  • High – CVE-2023-5637 – Unrestricted Upload of File with Dangerous Type…
    Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. ... read more
  • Critical – CVE-2023-5636 – Unrestricted Upload of File with Dangerous Type…
    Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. ... read more
  • NA – CVE-2023-5427 – A local non-privileged user can make improper…
    A local non-privileged user can make improper GPU processing operations to gain access to already freed memory. ... read more
  • CVE-2019-1581 | Palo Alto PAN-OS up to 7.1.24/8.0.19/8.1.9/9.0.3 Message input validation
    A vulnerability classified as critical has been found in Palo Alto PAN-OS up to 7.1.24/8.0.19/8.1.9/9.0.3. This affects an unknown part. The manipulation as part of Message leads to improper input ... read more
  • CVE-2019-8445 | JIRA up to 7.13.6/8.3.1 Worklog permission
    A vulnerability, which was classified as problematic, has been found in JIRA up to 7.13.6/8.3.1. Affected by this issue is some unknown functionality of the component Worklog. The manipulation leads ... read more
  • CVE-2019-8446 | JIRA up to 8.3.1 issueTable Username improper authorization
    A vulnerability, which was classified as problematic, was found in JIRA up to 8.3.1. This affects an unknown part of the file /rest/issueNav/1/issueTable. The manipulation leads to improper authorization (Username). ... read more
  • CVE-2019-8444 | JIRA up to 7.13.5/8.2.2/8.3.1 wikirenderer Attribute cross site scripting
    A vulnerability classified as problematic was found in JIRA up to 7.13.5/8.2.2/8.3.1. Affected by this vulnerability is an unknown functionality of the component wikirenderer. The manipulation as part of Attribute ... read more
  • CVE-2023-6438 | Thecosy IceCMS 2.0.1 Like /WebArticle/articles/ improper enforcement of a single, unique action
    A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to ... read more
  • CVE-2023-48893 | Senayan SLiMS 9.6.1 staff_act.php SQL Injection
    A critical vulnerability was found in Senayan SLiMS 9.6.1. Affected is unknown code of the file admin/modules/reporting/customs/staff_act.php. Manipulation with unknown data can be used to exploit an SQL injection vulnerability. Provided ... read more
  • CVE-2023-48813 | Senayan SLiMS 9.6.1 fines_report.php SQL Injection
    A critical vulnerability was found in Senayan SLiMS 9.6.1. This concerns unknown program code of the file admin/modules/reporting/customs/fines_report.php. Manipulation with unknown data can be used to exploit an SQL injection vulnerability. The advisory ... read more
  • Chrome Dev for Android Update
    Hi everyone! We've just released Chrome Dev 121 (121.0.6155.2) for Android. It's now available on Google Play. You can see a partial list of the changes in the Git log. For ... read more
  • Chrome Beta for iOS Update
    Hi everyone! We've just released Chrome Beta 120 (120.0.6099.47) for iOS; it'll become available on App Store in the next few days. You can see a partial list of the changes ... read more
  • CVE-2023-34179 | Groundhogg Plugin up to 2.7.11 sql injection
    A vulnerability was found in Groundhogg Plugin up to 2.7.11 and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this ... read more
  • CVE-2023-25700 | Themeum Tutor LMS Plugin up to 2.1.10 on WordPress sql injection
    A vulnerability was found in Themeum Tutor LMS Plugin up to 2.1.10 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql ... read more
  • CVE-2023-23369 | QNAP Multimedia Console/QTS/Media Streaming Add-on command injection (qsa-23-35)
    A vulnerability was found in QNAP Multimedia Console, QTS and Media Streaming Add-on. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads ... read more
  • Troj/MSIL-SXC
  • Troj/TeslaA-DRM
  • Troj/PS-MT
  • Troj/Inject-JFN
  • Troj/Krypt-ACW
  • Troj/Agent-BKJF
  • Troj/IcedID-IX

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Monday, December 4, 2023
