Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GL-iNet MT6000 4.5.5 Arbitrary File Download

GL-iNet MT6000 version 4.5.5 suffers from an arbitrary file download vulnerability.

Packet Storm
#vulnerability#web#google#js#git#nginx#auth
Red Hat Security Advisory 2024-1601-03

Red Hat Security Advisory 2024-1601-03 - An update for curl is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

Rapid7 Nexpose 6.6.240 Unquoted Service Path

Rapid7 Nexpose version 6.6.240 suffers from an unquoted service path vulnerability.

Blood Bank 1.0 Cross Site Scripting

Blood Bank version 1.0 suffers from a persistent cross site scripting vulnerability.

Backdoor.Win32.Agent.ju (PSYRAT) MVID-2024-0677 Bypass / Command Execution

The PsyRAT 0.01 malware listens on random high TCP ports 53297, 53211, 532116 and so forth. Connecting to an infected host returns a logon prompt for PASS. However, you can enter anything or nothing at all and execute commands made available by the backdoor.

Daily Habit Tracker 1.0 Broken Access Control

Daily Habit Tracker version 1.0 suffers from an access control vulnerability.

Daily Habit Tracker 1.0 SQL Injection

Daily Habit Tracker version 1.0 suffers from a remote SQL injection vulnerability.

Daily Habit Tracker 1.0 Cross Site Scripting

Daily Habit Tracker version 1.0 suffers from a persistent cross site scripting vulnerability.

Employee Management System 1.0 SQL Injection

Employee Management System version 1.0 suffers from additional remote SQL injection vulnerabilities. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

WordPress Simple Backup Path Traversal / Arbitrary File Download

WordPress Simple Backup plugin versions prior to 2.7.10 suffer from file download and path traversal vulnerabilities.