Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0455PUBLISHED: 2023-01-26Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
CVE-2023-0470PUBLISHED: 2023-01-26Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0488PUBLISHED: 2023-01-26Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
CVE-2023-0509PUBLISHED: 2023-01-26Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
CVE-2022-42493PUBLISHED: 2023-01-26
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable...
User Rank: Author
4/15/2015 | 3:36:33 AM
Great article Daniel. Nearly all networks have authenticated users with access and rights, who carry out the kind of malicious or careless behavior that often leads to security breaches. 2015 does seem set to be a huge year for tackling the insider threat, as we've seen from our recent research report of 500 IT professionals. More and more organizations are now planning to launch an insider threat program and within that program they are looking to take a joined-up approach of better user education and enhanced user technology solutions. The good news is that the technology is available today to help secure user access to company resources and protect users from their own casual behavior.