Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

Camaleon CMS 2.7.0 Server-Side Template Injection

Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#auth#firefox
CVE-2023-28153: Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App

An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.

CVE-2023-33440: bug_report/RCE-1.md at main · F14me7wq/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.

CVE-2023-33439: bug_report/SQLi-1.md at main · F14me7wq/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.

Laravel 10.11 Database Disclosure / Information Disclosure

Laravel version 10.11 suffers from database disclosure and information leakage vulnerabilities.

CVE-2023-25439: FusionInvoice 2023-1.0 Cross Site Scripting ≈ Packet Storm

Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.

CVE-2023-33751: There is a cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #14 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.

CVE-2023-33750: There is a cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #15 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.

FusionInvoice 2023-1.0 Cross Site Scripting

FusionInvoice version 2023-1.0 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice USN-6074-3

Ubuntu Security Notice 6074-3 - USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service. Anne van Kesteren discovered that Firefox did not properly validate the import call in service workers. An attacker could potentially exploits this to obtain sensitive information. Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicious favicon file, an attacker could cause a den...