Tag
#chrome
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows Blind SQL Injection. This issue affects Ipack SCADA Software: from unspecified before 1.1.0.
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection.
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System, affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. When a SLEEP(N) function payload, which sleeps for a number of seconds, is used on the (1) editid, (2) viewid, and (3) catename parameters, the server response is delayed by about (N) seconds in each case, which means it is vulnerable to MySQL Blind (Time Based) injection. An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
A roundup of the previous week's most interesting security news and happenings, alongside our own content and research. Read more: https://blog.malwarebytes.com/a-week-in-security/2021/10/a-week-in-security-oct-18-2021-oct-24-2021/ The post A week in security (Oct 18 – Oct 24) appeared first on Malwarebytes Labs.
Researchers have found that the Magnitude exploit kit is testing a Chrome vulnerability in combination with a Windows vulnerability. Read more: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/magnitude-ek-has-been-spotted-targeting-the-chrome-browser/ The post Chrome targeted by Magnitude exploit kit appeared first on Malwarebytes Labs.
For the second time this year the REvil ransomware group has disappeared off the grid. Will they come back again? All bets are open. Read more: https://blog.malwarebytes.com/ransomware/2021/10/revil-ransomware-gang-disappears-after-tor-services-hijacked/ The post [updated] REvil ransomware disappears after Tor services hijacked appeared first on Malwarebytes Labs.
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows an authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses.