Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0519 | PUBLISHED: 2023-01-26 | Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVE-2023-0493 | PUBLISHED: 2023-01-26 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVE-2022-46967 | PUBLISHED: 2023-01-26 | An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.
CVE-2022-46966 | PUBLISHED: 2023-01-26 | Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.
CVE-2023-0455 | PUBLISHED: 2023-01-26 | Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
User Rank: Apprentice
1/25/2017 | 1:48:20 PM
How many IT staff/managers adhere to LAN segmentation or data center east/west, north/south security? I'm not just talking about allowing a few ports like 443, 80, 8080, 25, 53, etc. Bad stuff rides on these ports as well because threat actors know they are most likely to be open. Zero trust is about knowing the precise application regardless of port or protocol as well as connecting a username to that session.