Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2020-12613: Privilege Management Release Notes

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.

CVE
Open in Source
#windows#intel#auth
Congress Clashes Over the Future of America’s Section 702 Spy Program

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

CVE-2023-6035

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

CVE-2023-6538

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

Spanish Police Nab Venezuelan Leader of Kelvin Security Hacker Group

By Waqas The arrested Venezuelan individual now faces charges including membership in a criminal organization, disclosure of secrets, computer damage, and money laundering. This is a post from HackRead.com Read the original post: Spanish Police Nab Venezuelan Leader of Kelvin Security Hacker Group

WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery

WordPress Contact Form to Any API plugin versions 1.1.6 and below suffer from a cross site request forgery vulnerability.

WordPress Bravo Translate 1.2 SQL Injection

WordPress Bravo Translate plugin versions 1.2 and below suffer from a remote SQL injection vulnerability.

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery

WordPress TextMe SMS plugin versions 1.9.0 and below suffer from a cross site request forgery vulnerability.

Ubuntu Security Notice USN-6500-2

Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.

“Amazon got hacked” messages are a false alarm

A message about extra delivery addresses getting added to Amazon accounts has gone wild on social media. Luckily, it's nothing to worry about.