Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0455 | PUBLISHED: 2023-01-26 | Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
CVE-2023-0470 | PUBLISHED: 2023-01-26 | Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0488 | PUBLISHED: 2023-01-26 | Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
CVE-2023-0509 | PUBLISHED: 2023-01-26 | Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
CVE-2022-42493 | PUBLISHED: 2023-01-26 | Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable...
User Rank: Author
12/24/2014 | 1:11:55 PM
The reality is that many prominent threat actors share resources, and just because one attack may appear to have originated from IPs tied to prior attacks does not mean that infrastructure is owned by the same group. It could be infrastructure rented out for multiple uses. It helps us understand what our customers might be up against.