Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196PUBLISHED: 2023-05-26Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879PUBLISHED: 2023-05-26GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
User Rank: Strategist
4/17/2016 | 4:08:37 PM
After you attain these two certs, in order to further advance your career you will need to select one of three paths, a) the Big Enterprise brown-noser, b) the DFIR specialist (defensive security), or, c) the Red Teaming specialist (offensive security).
If you choose Path A, then SANS is a great place to get training and GIAC a wonderful place to start additional certifications, such as GCFA, then GREM, and (ideally) GSE. For this one path, your mentor is someone above your boss but not directly in the chain above your boss. You should stay at that company for 5-15 years. You can go to local meetings or conferences (e.g., ISACA, ISC2, ISSA) but mostly you need to save your time and money for SANS, or writing papers for SANS.
For Path B, get your CCE certification and find multiple mentors (mostly outside of your current job) in this space. You will need to track thousands of blogs and read hundreds of books to be successful enough to change jobs (while constatnly increasing your salary) every 2-2.5 years. What matters most here is on-the-job experience, especially coordinated with law enforcement. Go to every local Infragard meeting and some in nearby locales. Both Raytheon and MWR InfoSec offer great courses on Cyber Defense Detection and Response.
Path C is the most-difficult, best-accomplished through OSCP and OSCE or better certifications, often Corelan or SilentBreakSec training (for the fast-track approach, but these do not guarantee success in this field). You will need to mentor others and be mentored by others week-by-week for at least 5-10 years before even breaking in (pun) to this space. You will need to go to every conference you possibly can, worldwide, and start speaking about your custom current-running exploits a few times per year -- so research is heavily-valued. Try to attend local OWASP chapter events, but connect with likeminded individuals in your locales and build a lab or hackerspace where you can come together at least once or twice a month. I, personally followed this path, and found it best to work for a very-small security boutique or start your own company, such as a partnered LLC/LLP -- but be sure to surround yourself with cyber defenders in addition to offensive security professionals.