Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-48161 PUBLISHED: 2023-02-01
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.
CVE-2023-0341 PUBLISHED: 2023-02-01
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, which allowed an attacker to write arbitrarily to the stack and possibly allowed remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bounds-checking all write operations over the ...
CVE-2023-23924 PUBLISHED: 2023-02-01
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call...
CVE-2023-24241 PUBLISHED: 2023-02-01
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
CVE-2023-24956 PUBLISHED: 2023-02-01
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.
User Rank: Apprentice
1/25/2017 | 1:48:20 PM
How many IT staff/managers adhere to LAN segmentation or data center east/west, north/south security? I'm not just talking about allowing a few ports like 443, 80, 8080, 25, 53, etc. Bad stuff rides on these ports as well, because threat actors know they are most likely to be open. Zero trust is about knowing the precise application regardless of port or protocol, as well as connecting a username to that session.