Security Headlines (tag: #auth)

Bludit 3.13.0 Cross Site Scripting

Bludit version 3.13.0 suffers from a cross site scripting vulnerability.

Source: Packet Storm

Insurance Management System PHP And MySQL 1.0 Cross Site Scripting

Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Craft CMS 4.4.14 Remote Code Execution

Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.

LimeSurvey Community 5.3.32 Cross Site Scripting

LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.

Orange Station 1.0 Shell Upload

Orange Station version 1.0 suffers from a remote shell upload vulnerability.

YouTube ordered to reveal the identities of video viewers

Federal authorities have asked Google to reveal the identities of people that watched certain videos in at least two investigations.

Rockwell Automation Arena Simulation

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: low attack complexity
Vendor: Rockwell Automation
Equipment: Arena Simulation Software
Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Access of Uninitialized Pointer, Out-of-bounds Read

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the application or allow an attacker to run harmful code on the system.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following versions of Arena Simulation Software are affected:
Arena Simulation Software: version 16.00

3.2 Vulnerability Overview
3.2.1 Out-of-bounds Write CWE-787
An arbitrary code execution vulnerability could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code...

Top 3 Cybersecurity Tools to Protect Business Data

By Uzair Amir (HackRead.com). Discover the top three cybersecurity tools designed to safeguard your business data from online threats and breaches, ensuring secure data transfer.

Julian Assange Won’t Be Extradited to the US Yet

A high court in London says the WikiLeaks founder won’t be extradited “immediately” and the US must provide more “assurances” about any extradition.

GHSA-m732-wvh2-7cq4: Unauthenticated views may expose information to anonymous users

### Impact

A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users, including the following:

- `/api/graphql/` (1)
- `/api/users/users/session/` (Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes are enabled on this Nautobot instance)
- `/dcim/racks/<uuid:pk>/dynamic-groups/` (1)
- `/dcim/devices/<uuid:pk>/dynamic-groups/` (1)
- `/extras/job-results/<uuid:pk>/log-table/`
- `/extras/secrets/provider/<str:provider_slug>/form/` (the only information exposed to an anonymous user is the fact that a secrets provider with the given slug (e.g. `environment-variable` or `text-file`) is supported by this Nautobot instance)
- `/ipam/prefixes/<uuid:pk>/dynamic-groups/` (1)
- `/ipam/ip-addresses/<uuid:pk>/dynamic-groups/` (1)
- `/virtualization/clusters/<uuid:pk>/dynamic-groups/` (1)
- `/virtualization/virtual-machines/<uuid:pk>/dynamic-groups/` (1)

(1) These endpoints will not discl...