Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2023-26949: Remote code execution caused by uploading arbitrary files in the background · Issue #1 · keheying/onekeyadmin

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#js#git#php#rce#pdf#chrome#webkit
The Role of Verifiable Credentials In Preventing Account Compromise

As digital identity verification challenges grow, organizations need to adopt a more advanced and forward-focused approach to preventing hacks.

Purchase Order Management 1.0 Cross Site Scripting

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.

CVE-2023-27574: Disable CODE_SIGNING_INJECT_BASE_ENTITLEMENTS for release build #1455 by lkebin · Pull Request #1456 · shadowsocks/ShadowsocksX-NG

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.

The Sketchy Plan to Build a Russian Android Phone

Amid isolating sanctions, a Russian tech giant plans to launch new Android phones and tablets. But experts are skeptical the company can pull it off.

CVE-2023-1162: Vuln/2.md at main · xxy1126/Vuln

A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability.

CVE-2023-1163: Vuln/3.md at main · xxy1126/Vuln

A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259.

CVE-2021-4328: 狮子鱼CMS ApiController.class.php SQL注入漏洞复现 - n00bk1ng的小窝

A vulnerability has been found in ???CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223.

Crushing the two biggest threats to mobile endpoint security in 2023

Categories: Business Protect your organization from mobile phishing and malware attacks. (Read more...) The post Crushing the two biggest threats to mobile endpoint security in 2023 appeared first on Malwarebytes Labs.