
Tag

#pdf

Debian Security Advisory 5383-1

Debian Linux Security Advisory 5383-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).

Packet Storm
#vulnerability #linux #debian #js #pdf #buffer_overflow

pdfkit 0.8.7.2 Command Injection

pdfkit version 0.8.7.2 suffers from a command injection vulnerability.

CVE-2023-0842: xml2js 0.4.23 - Prototype Pollution | Advisories | Fluid Attacks

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Researcher Tricks ChatGPT Into Building Undetectable Steganography Malware

Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user into being redirected to a malicious website, leading to information disclosure and the launch of phishing attacks.

CVE-2023-1849: cve_hub/Online Payroll System in PHP and MySQL Free Download A Comprehensive Guide - vlun 5.pdf at main · E1CHO/cve_hub

A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability.

CVE-2023-1845: cve_hub/Online Payroll System in PHP and MySQL Free Download A Comprehensive Guide - vlun 2.pdf at main · E1CHO/cve_hub

A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability.

CVE-2023-1848: cve_hub/Online Payroll System in PHP and MySQL Free Download A Comprehensive Guide - vlun 3.pdf at main · E1CHO/cve_hub

A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988.

CVE-2023-1847: cve_hub/Online Payroll System in PHP and MySQL Free Download A Comprehensive Guide - vlun 1.pdf at main · E1CHO/cve_hub

A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.