Security Headlines (Latest CVEs)

Tag: #auth

Congress Clashes Over the Future of America’s Section 702 Spy Program

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

Wired
Tags: #redis #intel #auth #sap
CVE-2023-6035

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape the "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated user, such as a subscriber, to perform SQL injection attacks.

CVE-2023-6538

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in the Storage, Server or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific administrative roles.

Spanish Police Nab Venezuelan Leader of Kelvin Security Hacker Group

By Waqas. The arrested Venezuelan individual now faces charges including membership in a criminal organization, disclosure of secrets, computer damage, and money laundering. This is a post from HackRead.com.

WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery

WordPress Contact Form to Any API plugin versions 1.1.6 and below suffer from a cross site request forgery vulnerability.

WordPress Bravo Translate 1.2 SQL Injection

WordPress Bravo Translate plugin versions 1.2 and below suffer from a remote SQL injection vulnerability.

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery

WordPress TextMe SMS plugin versions 1.9.0 and below suffer from a cross site request forgery vulnerability.

Ubuntu Security Notice USN-6500-2

Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.

“Amazon got hacked” messages are a false alarm

A message about extra delivery addresses getting added to Amazon accounts has gone wild on social media. Luckily, it's nothing to worry about.

CVE-2023-6194: XXE in Eclipse Memory Analyzer report definition files (Eclipse Projects Security issue #15)

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to generate a report from a malicious report definition XML file containing an external entity reference, then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.