Tag
#auth
Accounting Journal Management System version 1.0 suffers from a code injection vulnerability.
ABIC Cardiology Management System version 1.0 suffers from a cross-site request forgery vulnerability.
Hospital Management System version 1.0 suffers from a code injection vulnerability.
Event Registration and Attendance System version 1.0 suffers from a code injection vulnerability.
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. "An attacker with command execution in a Pod running within an affected Azure Kubernetes Services cluster could download the configuration used to
Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective.
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs)," AppOmni's Aaron Costello
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. "Jenkins Command Line Interface (CLI) contains a