
Tag

#java

Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox

Mozilla has released Firefox updates to the Release Channel that fix several security vulnerabilities and introduce a new privacy feature called Query Parameter Stripping. The post Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability #web #microsoft #linux #java #ssh #firefox
CVE-2013-4170: Cross-site Scripting (XSS) in ember-source | CVE-2013-4170 | Snyk

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs, and Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

CVE-2022-33061: bug_report/SQLi-9.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.

CVE-2022-33059: bug_report/SQLi-7.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train.

CVE-2022-33058: bug_report/SQLi-6.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message.

CVE-2022-33057: bug_report/SQLi-5.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.

CVE-2022-33060: bug_report/SQLi-8.md at main · k0xx11/bug_report

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.

CVE-2017-20120: Offensive Security’s Exploit Database Archive

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2021-39074: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability (CVE-2021-39074)

IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.