Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-6061: Phantom DLL hijacking vulnerabilities in Iconics Suite - CVE-2023-6061

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll

CVE
Open in Source
#vulnerability#web#mac#git#intel#perl#auth
CVE-2023-5008: Student Information System v1.0 - Unauthenticated SQL Injection (SQLi) | Advisories | Fluid Attacks

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents

By Waqas The documents were leaked on December 6th, 2023, on Breach Forums. This is a post from HackRead.com Read the original post: Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents

CVE-2023-4122: Student Information System v1.0 - Insecure File Upload | Advisories | Fluid Attacks

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

GHSA-c79f-pqgf-fhp3: Directory Traversal in Gladys Assistant

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

By Deeba Ahmed Discovered by the cybersecurity researchers at Group-IB; the new Linux RAT, dubbed Krasue, is targeting telecom firms in Thailand. This is a post from HackRead.com Read the original post: New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

CVE-2023-47440: Update HLS chunk regex by Pierre-Gilles · Pull Request #1918 · GladysAssistant/Gladys

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

CVE-2023-33411: Supermicro Data Center Server, Blade, Data Storage, AI System

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.