Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2023-24641: mycve/SQLi-1.md at main · 594238758/mycve

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
Real Estate CRM Pro 5.7 SQL Injection

Real Estate CRM Pro from IT Ways version 5.7 appears to suffer from a remote SQL injection vulnerability that can allow for authentication bypass.

ProtonVPN launches extensions for Chrome and Firefox browsers

By Waqas ProtonVPN is currently available in three packages, including one free and two paid. This is a post from HackRead.com Read the original post: ProtonVPN launches extensions for Chrome and Firefox browsers

Ubuntu Security Notice USN-5880-2

Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perf...

CVE-2023-26255: CVEs/CVE-2023-26255.md at main · 1nters3ct/CVEs

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.

CVE-2023-26256: CVEs/CVE-2023-26256.md at main · 1nters3ct/CVEs

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

Apple Users Need to Update iOS Now to Patch Serious Flaws

Plus: Microsoft fixes several zero-day bugs, Google patches Chrome and Android, Mozilla rids Firefox of a full-screen vulnerability, and more.

CVE-2021-34248: Mobile Shop System 1.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafterdstring in the email field of the log in page.

Kshitish 2.0 Default Credentials

Kshitish Multipurpose eCommerce Platform version 2.0 leaves default administrative credentials installed post installation.