#auth

The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August 8," ESET said in an analysis published this week. "A week later, on August 16, the same thing happened in China. While the mysterious control payload – aka kill switch – stripped Mozi bots of most

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

By Owais Sultan India Blockchain Week (IBW), the country’s flagship series of blockchain and Web3 events held in Bangalore from Dec.4-10, is… This is a post from HackRead.com Read the original post: India Blockchain Week (IBW) Unveils Diverse Speaker Line-up

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SpaceLogic C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, which could result in tampering of the SpaceLogic C-Bus home automation system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric products are affected: SpaceLogic C-Bus Toolkit: Versions 1.16.3 and prior 3.2 Vulnerability Overview 3.2.1 Improper Privilege Management CWE-269 Schneider Electric's SpaceLogic C-Bus Toolkit product is vulnerable due to improper privilege management, which could cause remote code execution when the transfer command is used over the network. CVE-2023-5402 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Fueling System Equipment: TS-550 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access the device and gain unauthenticated access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Franklin Fueling System TS-550, are affected: TS-550: All versions prior to 1.9.23.8960 3.2 Vulnerability Overview 3.2.1 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916 Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. CVE-2023-5846 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). 3.3 BACK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to reset the memory of the products to factory default state and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSEC-F series programmable controllers are affected if they are used with ethernet communication special adapter FX3U-ENET-ADP or ethernet communication block FX3U-ENET(-L) with the exception of "FX3GE-xMy/z x=24,40, y=T,R, z=ES,ESS,DS,DSS". Some of these products are sold in limited regions, see the Mitsubishi Electric advisory for details: MELSEC-F series FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS: All versions MELSEC-F series FX3U-32MR/UA1, FX3U-64MR/UA1: A...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to prevent legitimate users from logging into the web server function for a certain period, resulting in a denial-of-service condition. The impact of this vulnerability will persist while the attacker continues to attempt the attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric MELSEC iQ-F Series products are affected (Products with * are sold in limited regions): FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 17X**** and later): All versions FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 179**** and prior): Versions 1.060 or later FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS (Serial number 17X**** and later): All versions FX5UC-xMy/z x=32,64,96...

Knowing the common scams is an important step in using the platform safely. The following recommendations help players not fall into scams.

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.