Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2021-3958: cve/Ipack-Scada-Automation.txt at main · paradessia/cve

Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0.

CVE
#sql#vulnerability#web#windows#apple#google#php#auth#chrome#webkit
CVE-2021-24626: wp-plugin : chameleon-css | Code Vigilant : to err is human.. To fix is Humanity

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection

CVE-2021-37806: Vehicle Parking Management System 1.0 SQL Injection ≈ Packet Storm

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.

A week in security (Oct 18 – Oct 24)

A roundup of the previous week's most interesting security news and happenings, alongside our own content and research. Categories: A week in security Tags: Australia BlackMatter chrome cryptoeats gamers gummy browsers killware Magnitude npm q-logger revil rickrolls sinclair Slack snapchat tesla winRAR WP Fastest Cache youtube *( Read more... ( https://blog.malwarebytes.com/a-week-in-security/2021/10/a-week-in-security-oct-18-2021-oct-24-2021/ ) )* The post A week in security (Oct 18 – Oct 24) appeared first on Malwarebytes Labs.

Chrome targeted by Magnitude exploit kit

Researchers have found that the Magnitude exploit kit is testing a Chrome vulnerability in combination with a Windows vulnerability. Categories: Exploits and vulnerabilities Tags: chrome chromium exploit kit magniber Magnitude puzzlemaker *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/magnitude-ek-has-been-spotted-targeting-the-chrome-browser/ ) )* The post Chrome targeted by Magnitude exploit kit appeared first on Malwarebytes Labs.

[updated]REvil ransomware disappears after Tor services hijacked

For the second time this year the REvil ransomware group has disappeared off the grid. Will they come back again? All bets are open. Categories: Ransomware Tags: BlackMatter darkside kasey ransomware revil Tor service *( Read more... ( https://blog.malwarebytes.com/ransomware/2021/10/revil-ransomware-gang-disappears-after-tor-services-hijacked/ ) )* The post [updated]REvil ransomware disappears after Tor services hijacked appeared first on Malwarebytes Labs.

CVE-2021-33609: fix: Add row limit to DataCommunicator row data requests by TatuLund · Pull Request #12415 · vaadin/framework

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.

CVE-2021-37975: Stable Channel Update for Desktop

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-22261: Stored XSS in the Jira issue detail pages (#328389) · Issues · GitLab.org / GitLab · GitLab

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses