
Tag

#auth

CVE-2023-26573: Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

CVE-2023-43360: GitHub - sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

Database Mess Up: 7TB of Healthcare Data Leak Affects 12 Million Patients

By Deeba Ahmed. Yet another day, more unprotected data left in the Cloud without password or security measures. (Originally posted on HackRead.com.)

Okta's Latest Security Breach Is Haunted by the Ghost of Incidents Past

A recent breach of authentication giant Okta has impacted nearly 200 of its clients. But repeated incidents and the company’s delayed disclosure have security experts calling foul.

Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior

We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.

9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

Update vCenter Server now! VMWare fixes critical vulnerability

VMWare has issued an update to address out-of-bounds write and information disclosure vulnerabilities in its server management software, vCenter Server. Tagged CVE-2023-34056 and CVE-2023-34048. (Originally posted on Malwarebytes Labs.)

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution

The device allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

A Cybersecurity Framework for Mitigating Risks to Satellite Systems

Cyber threats on satellite technology will persist and evolve. We need a comprehensive cybersecurity framework to protect them from attackers.

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to