Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

Plus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance program.

Wired
Open in Source
#vulnerability#web#ios#google#amazon#cisco#intel#samsung#huawei#zero_day#chrome#firefox
Ubuntu Security Notice USN-6747-1

Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.

GHSA-7947-48q7-cp5m: Dolibarr Application Home Page has HTML injection vulnerability

### Summary Observed a HTML Injection vulnerbaility in the Home page of Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). ### Details 1. Navigate to the login page of Dolibarr application. 2. Submit a login request with the following payload in an arbitrarily supplied body parameter: "**u70ea%22%3e%3c!--HTML_Injection_By_Sai"=1** **HTTP Post Request:** POST /dolibarr/index.php?mainmenu=home HTTP/1.1 Host: 192.168.37.129 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept...

Red Hat Security Advisory 2024-1904-03

Red Hat Security Advisory 2024-1904-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Centreon 23.10-1.el8 SQL Injection

Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.

Ray OS 2.6.3 Command Injection

The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

CHAOS RAT 5.0.1 Remote Command Execution

CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.

Joomla SP Page Builder 5.2.7 SQL Injection

Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability.

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets.