Tag
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
By Owais Sultan Although online fraud includes identity theft, phishing scams, and viruses, there are steps that can be taken to protect against them. Let's dig into the whats and hows of it. This is a post from HackRead.com Read the original post: 5 Online Fraud Fighting Tips for Novices
Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is
### Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message, which could lead to a denial of service (DoS) on services using the libraries. Reporter: [ClusterFuzz](https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. ### Severity & Impact **Medium 5.7** - [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) A small (~500 KB) malicious payload can be constructed which causes the running service to allocate more than 3GB of RAM. ### Proof of Concept For reproduction details, please refer to the unit test that identifies the specific inputs that exercise this parsing weakness. ### Mitigation / Patching Please update to the latest available versions of the following pac...
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it."