Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached

The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#git#java#pdf#auth
ID Theft Service Resold Access to USInfoSearch Data

One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned.

Ubuntu Security Notice USN-6513-2

Ubuntu Security Notice 6513-2 - USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service.

Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets

Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear.

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets

Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities.

Elon Musk Is Giving QAnon Believers Hope Just in Time for the 2024 Elections

Musk’s recent use of the term “Q*Anon” is his most explicit endorsement of the movement to date. Conspiracists have since spent days dissecting its meaning and cheering on his apparent support.

m-privacy TightGate-Pro Code Execution / Insecure Permissions

m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.

CVE-2023-49313: GitHub - horsicq/XMachOViewer: XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.

Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

By Owais Sultan Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace. This is a post from HackRead.com Read the original post: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

By Owais Sultan Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace. This is a post from HackRead.com Read the original post: Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw