Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability

By Waqas Mandiant Investigates Zero-Day Exploitation in Citrix Vulnerability, CVE-2023-4966. This is a post from HackRead.com Read the original post: Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability

HackRead
Open in Source
#vulnerability#web#windows#apple#google#cisco#git#rce#auth#zero_day#firefox
CVE-2023-46428: CVE/analyse.md at main · fenglon/CVE

An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file.

The New Era of Social Media Looks as Bad for Privacy as the Last One

The slow-motion implosion of Elon Musk’s X has given rise to a slew of competitors, where privacy invasions that ran rampant over the past decade still largely persist.

CVE-2023-3397: Linux Kernel: [PATCH] fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.

CVE-2023-46482: PHP/wuzhicms/WUZHI CMS v4.1.0 SQL Injection Vulnerability in Database Backup Functionality.md at main · XTo-o1/PHP

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.

CVE-2023-46911: Jspxcms v10.2.0 后台存在xss漏洞 · Issue #I8AK2H · jspxcms/Jspxcms - Gitee.com

There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.

CVE-2023-46928: SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42 · Issue #2661 · gpac/gpac

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

Leading, effective, and powerful tools for identifying site visitors

By Owais Sultan Knowing who visits your website gives you valuable data that your sales team can use this valuable marketing… This is a post from HackRead.com Read the original post: Leading, effective, and powerful tools for identifying site visitors

Researchers Expose Prolific Puma's Underground Link Shortening Service

A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years. Prolific Puma creates "domain names with an RDGA [registered domain generation algorithm] and use these domains to provide a link shortening service to other malicious actors, helping them evade

GHSA-jfxw-6c5v-c42f: Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Proof of Concept Step 1. Go to /admin and login. Step 2. In Documents, go to home -> click on Sample Content -> click Document folder Step 3. Upload file PDF content XSS payload ### Patches Apply patches https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c.patch https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9.patch ### Workarounds Update to version 1.2.0 or apply patches manually https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c.patch https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9.patch