Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-47621: Remote code execution via file uploads

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fixed in v3.1.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
Open in Source
#vulnerability#php#rce#auth
Red Hat Security Advisory 2023-6227-01

Red Hat Security Advisory 2023-6227-01 - An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

CVE-2023-32123: WordPress The7 — Website and eCommerce Builder for WordPress theme <= 11.7.3 - Cross-Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3.

CVE-2023-31230: WordPress Baidu Tongji generator plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2.

CVE-2023-35877: WordPress Extra User Details plugin <= 0.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.

CVE-2023-39166: WordPress tagDiv Composer plugin < 4.4 - CSRF to XSS vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.

Lockbit Ransomware Leaks Boeing Data Trove

By Deeba Ahmed Earlier, Boeing acknowledged a cyberattack amidst claims by the Lockbit ransomware gang of breaching its security and stealing data. This is a post from HackRead.com Read the original post: Lockbit Ransomware Leaks Boeing Data Trove

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

By Waqas While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

CVE-2023-6098: Multiple vulnerabilities in ICSSolution ICS Business Manager

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application.

HiBoB Experts Reveal: Top Cybersecurity Threats for Employee Data

By Waqas Employee data—it contains some of your company’s most sensitive information. Salaries, social security numbers, health records…this stuff is… This is a post from HackRead.com Read the original post: HiBoB Experts Reveal: Top Cybersecurity Threats for Employee Data