Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2018-17879: Five Vulnerabilities in ABUS cameras

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

CVE
Open in Source
#vulnerability#web#ios#rce#buffer_overflow#hard_coded_credentials#auth#wifi
CVE-2018-17878: Five Vulnerabilities in ABUS cameras

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using

CVE-2023-45869: CVE-2023-45869 - Labor - rehme.infosec

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.

CVE-2023-46238: Release v2.39.2 · zitadel/zitadel

ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim’s account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2.

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution

TEM Opera Plus FM Family Transmitter version 35.45 suffers from a remote code execution vulnerability.

WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion

WordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.

Apple Security Advisory 10-25-2023-5

Apple Security Advisory 10-25-2023-5 - macOS Ventura 13.6.1 addresses bypass and code execution vulnerabilities.