Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#git#java#php#perl#auth#ruby#firefox
Reflecting on supply chain attacks halfway through 2023

With BlackHat and “Hacker Summer Camp” going on over the next few weeks, this seems like the right time to step back and reflect on what’s happened so far this year.

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

CVE-2023-36673: Widespread design flaws in VPN clients

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.

Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution

Seven of the vulnerabilities included in today’s Vulnerability Roundup have a CVSS severity score of 9.8 out of a possible 10.

What is commercial spyware?

As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System