Tag
#chrome
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
Mozilla has launched its Total Cookie Protection addition to Firefox for users worldwide. What does it do? The post Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser” appeared first on Malwarebytes Labs.
Patch Tuesday for June 2022 brought a fix for Follina and many other security vulnerabilities. Time to figure out what needs to be prioritized. The post Update now! Microsoft patches Follina, and many other security updates appeared first on Malwarebytes Labs.
A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Microsoft is ready to phase out Internet Explorer and will start the procedure today. Are you ready as well? And will it solve a lot of security issues? The post It’s official, today you can say goodbye to Internet Explorer. Or can you? appeared first on Malwarebytes Labs.