Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

AVMS Project 1.0 SQL Injection

AVMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
#sql#vulnerability#windows#google#php#auth#firefox
Online Survey System 1.0 Cross Site Request Forgery

Online Survey System version 1.0 suffers from a cross site request forgery vulnerability.

Online Shopping System Master 1.0 Cross Site Request Forgery

Online Shopping System Master version 1.0 suffers from a cross site request forgery vulnerability.

Online Banking System 1.0 Arbitrary File Upload

Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.

Online ID Generator 1.0 Cross Site Request Forgery

Online ID Generator version 1.0 suffers from a cross site request forgery vulnerability.

MOBOTIX P3 and Mx6 Cameras

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOBOTIX Equipment: P3 Cameras, Mx6 Cameras Vulnerability: Improper Neutralization of Expression/Command Delimiters 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of MOBOTIX are affected: P3 D24M: MX-V4.1.4.11, MX-V4.1.4.70, MX-V4.1.6.25, MX-V4.1.6.27, MX-V4.1.9.29, MX-V4.1.10.28, MX-V4.1.10.35, MX-V4.2.1.43, MX-V4.2.1.61, MX-V4.3.0.15, MX-V4.3.2.45, MX-V4.3.2.53, MX-V4.3.2.68, MX-V4.3.2.72, MX-V4.3.2.77, MX-V4.3.4.50, MX-V4.3.4.66, MX-V4.3.4.83, MX-V4.4.0.31, MX-V4.4.0.31.r1, MX-V4.4.1.55, MX-V4.4.1.56, MX-V4.4.2.34, MX-V4.4.2.51.r1, MX-V4.4.2.69, MX-V4.4.2.73 P3 M24M: MX-V4.1.4.11, MX-V4.1.4.70, MX-V4.1.6.25, MX-V4.1.6.27, MX-V4.1.9.29, MX-V4.1.10.28, MX-V4.1.10.35, MX-V4.2.1.43, MX-V4.2.1.61, MX-V4.3.0.15, MX-V4.3.2.45, MX-V...

The Facts About Continuous Penetration Testing and Why It’s Important

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an

GHSA-cgrq-wvfj-v28j: Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users.

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. "On GitHub Enterprise Server instances that use SAML single sign-on (SSO)