Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

Atom CMS 2.0 Directory Traversal

Atom CMS version 2.0 suffers from a directory traversal vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#google#git#php#auth#firefox
Nedal CMS 1.2 SQL Injection

Nedal CMS version 1.2 suffers from a remote SQL injection vulnerability.

Asanhamayesh CMS 3.4.6 Directory Traversal

Asanhamayesh CMS version 3.4.6 suffers from a directory traversal vulnerability.

CVE-2023-37456: Security Vulnerabilities fixed in Firefox for iOS 115

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.

CVE-2023-3600: Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2.

Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 130 vulnerabilities, nine are rated Critical and 121 are rated Important in severity. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser towards the end of

Update now! Microsoft patches a whopping 130 vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Apple Tags: Android Tags: Cisco Tags: Fortinet Tags: MOVEit Tags: Mozilla Tags: SAP Tags: VMware Tags: CVE-2023-32049 Tags: CVE-2023-35311 Tags: CVE-2023-32046 Tags: CVE-2023-36874 Tags: CVE-2023-36844 For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities, four of which are known to have been actively exploited. (Read more...) The post Update now! Microsoft patches a whopping 130 vulnerabilities appeared first on Malwarebytes Labs.

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared

Debian Security Advisory 5450-1

Debian Linux Security Advisory 5450-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

GHSA-6xxr-648m-gch6: XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

### Impact The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions but as of March 2023, these are not enabled by default in Firefox and Safari. ### Patches The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks. ### Workarounds It is possible to check for the `Origin` header in a reverse proxy to protect the REST endpoint from CSRF attacks, see [the Jira issue](https://jira.xwiki.org/b...