#apple

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: SCALANCE XCM332  Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-bounds Write, and Improper Validation of Syntactic Correctness of Input  2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, code execution, data injection, and allow unauthorized access.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE XCM332 (6GK5332-0GA01-2AC2): Versions prior to 2.2  3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770  In versions of libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process using libtirpc due to mishandling of idle TC...

By Owais Sultan Mobile security is becoming increasingly important as we delve deeper into the era of the Internet of Things… This is a post from HackRead.com Read the original post: Top Mobile Security Considerations for Business Travelers

Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

By Waqas Do you have the skills to take part in OpenAI's ChatGPT Bug Bounty Program? If so, here is your chance to earn big bucks. This is a post from HackRead.com Read the original post: OpenAI Launches ChatGPT Bug Bounty Program – Earn $200 to $20k

Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices.

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.