Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

Xenforo 2.2.15 Remote Code Execution

XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.

Packet Storm
#csrf#vulnerability#web#php#rce
XenForo 2.2.15 Cross Site Request Forgery

XenForo versions 2.2.15 and below suffer from a cross site request forgery vulnerability in Widget::actionSave.

Atlassian Confluence Administrator Code Macro Remote Code Execution

This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.

Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery

Cinema Booking System version 1.0 suffers from remote SQL injection and cross site request forgery vulnerabilities.

GHSA-c96r-38gv-grp4: ShopXO Server-Side Request Forgery Vulnerability

A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file `extend/base/Uploader.php`. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.

Toshiba Multi-Function Printers 40 Vulnerabilities

103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more.

How MFA Failures are Fueling a 500% Surge in Ransomware Losses

The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from

Critical GitLab Bug Threatens Software Development Pipelines

The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the