Security
Headlines

Tag: #git

CVE-2023-4655: Fix file field xss · instantsoft/icms2@a6a30e7

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.

Category: CVE · Tags: #xss #vulnerability #git
CVE-2023-4652: Fixed upload XSS with wrong extension · instantsoft/icms2@7a7e57e

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

Qakbot botnet infrastructure suffers major takedown

Categories: News, Ransomware. Tags: Qakbot, FBI, law enforcement, takedown, removal tool, HIBP, Spamhaus. The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement agencies. The post Qakbot botnet infrastructure suffers major takedown appeared first on Malwarebytes Labs.

GHSA-r285-q736-9v95: Filename spoofing in archive

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.

GHSA-c2cc-3569-6jh2: Path traversal in ZIPFoundation

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.

GHSA-9v85-q87q-g4vg: Path traversal in Archive

An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file.

GHSA-g454-wj9r-jpg4: Path traversal in Zip Swift

An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.
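The four archive advisories above describe two checks an extractor has to make before writing anything to disk: that an entry name cannot escape the destination directory (zip slip), and that the name in the entry's local file header agrees with the name in the central directory (a mismatch is how "filename spoofing" lets two parsers see two different files). The following is an added example, not code from Archive, ZIPFoundation or Zip Swift; it is written in Python against the standard library because those Swift packages are not exercised here, and the sample archive, including its patched local header, is constructed inline.

```python
"""Audit zip entries for path traversal and local/central-directory name
mismatch before extracting.  Added example with a constructed sample archive."""
import io
import os
import posixpath
import struct
import tempfile
import zipfile

LOCAL_HEADER_SIG = 0x04034B50
LOCAL_HEADER_LEN = 30  # fixed part of a local file header, before the name


def build_sample_zip() -> bytes:
    """Constructed input: a benign entry, a zip-slip entry, and an entry whose
    local header name is patched so it disagrees with the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("../../etc/cron.d/evil", "* * * * * root id")
        zf.writestr("safe.txt", "looks harmless")
    data = bytearray(buf.getvalue())
    with zipfile.ZipFile(io.BytesIO(bytes(data))) as zf:
        off = zf.getinfo("safe.txt").header_offset
    name_at = off + LOCAL_HEADER_LEN
    assert data[name_at:name_at + 8] == b"safe.txt"
    data[name_at:name_at + 8] = b"evil.txt"  # same length, so offsets stay valid
    return bytes(data)


def local_header_name(data: bytes, zi: zipfile.ZipInfo) -> str:
    """Name stored in the entry's local file header (what streaming extractors
    trust), as opposed to zi.filename, which comes from the central directory."""
    off = zi.header_offset
    (sig,) = struct.unpack_from("<I", data, off)
    if sig != LOCAL_HEADER_SIG:
        raise zipfile.BadZipFile("bad local header at offset %d" % off)
    (flags,) = struct.unpack_from("<H", data, off + 6)
    fnlen, _exlen = struct.unpack_from("<HH", data, off + 26)
    raw = data[off + LOCAL_HEADER_LEN: off + LOCAL_HEADER_LEN + fnlen]
    return raw.decode("utf-8" if flags & 0x800 else "cp437")


def is_safe_member_name(dest_dir: str, name: str) -> bool:
    """Reject absolute names, drive letters, backslashes and any '..' component,
    then confirm the resolved target still lies under dest_dir."""
    if not name or "\\" in name or name.startswith("/") or ":" in name.split("/")[0]:
        return False
    parts = posixpath.normpath(name).split("/")
    if ".." in parts or parts[0] in ("", "."):
        return False
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, *parts))
    return os.path.commonpath([dest, target]) == dest


def audit_archive(data: bytes, dest_dir: str) -> dict:
    """Map each central-directory name to 'ok', 'traversal' or 'spoofed (...)'."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            local = local_header_name(data, zi)
            if local != zi.filename:
                verdicts[zi.filename] = "spoofed (local header says %r)" % local
            elif not is_safe_member_name(dest_dir, zi.filename):
                verdicts[zi.filename] = "traversal"
            else:
                verdicts[zi.filename] = "ok"
    return verdicts


def safe_extract(data: bytes, dest_dir: str) -> list:
    """Extract only entries that passed the audit; return the paths written."""
    written = []
    os.makedirs(dest_dir, exist_ok=True)
    verdicts = audit_archive(data, dest_dir)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            if verdicts[zi.filename] != "ok" or zi.is_dir():
                continue
            target = os.path.join(dest_dir, *posixpath.normpath(zi.filename).split("/"))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(zi) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


if __name__ == "__main__":
    sample = build_sample_zip()
    out = os.path.join(tempfile.gettempdir(), "zip-audit-demo")
    for name, verdict in audit_archive(sample, out).items():
        print("%-28s %s" % (name, verdict))
    print("written:", safe_extract(sample, out))
```

The audit reads both names from the archive bytes rather than relying on the library to do it, because a library that parses only the central directory will report `safe.txt` while a streaming extractor that reads local headers writes `evil.txt`. Rejecting backslashes outright is a conservative choice: they are legal in entry names but are treated as separators by Windows extractors, which is where the `..\..\` variant of this bug shows up.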

GHSA-7422-7rq6-j4qv: Badaso vulnerable to cross-site scripting

Cross-site scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.

Enterprise security challenges for CNI organizations: Overview of security challenges

This is the first in a series of three blog posts focusing on United Kingdom Critical National Infrastructure (CNI) cybersecurity. Part 1 will focus on giving readers an overview of the problem space that CNI organizations face, Part 2 will explore the critical areas of People and Processes, and finally, Part 3 will concentrate on technology and identify where CNI organizations can reduce their risk through Red Hat technology, training, and services. All organizations across the globe are feeling the effects of increased cybersecurity attacks. Along with the growing number of attacks, the c

CVE-2023-23765: Release notes - GitHub Enterprise Server 3.8 Docs

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .