Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

eClass Junior 4.0 SQL Injection

eClass Junior version 4.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist

The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them.

Ubuntu Security Notice USN-6416-2

Ubuntu Security Notice 6416-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

Red Hat Security Advisory 2023-5461-01

Red Hat Security Advisory 2023-5461-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include a denial of service vulnerability.

Multi-factor authentication has proven it works, so what are we waiting for?

Categories: News Categories: Personal Amazon has announced it will require all privileged AWS to use MFA in the near future. Let's hope others follow. (Read more...) The post Multi-factor authentication has proven it works, so what are we waiting for? appeared first on Malwarebytes Labs.

CVE-2023-4469: Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure — Wordfence Intelligence

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

CVE-2023-44024: [CVE-2023-44024] Improper neutralization of SQL parameters in KnowBand - One Page Checkout, Social Login & Mailchimp module for PrestaShop

SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.

CVE-2023-43983: [CVE-2023-43983] Improper neutralization of SQL parameter in Presto Changeo - Attribute Grid module for PrestaShop

Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.

CVE-2023-40920: [CVE-2023-40920] Improper neutralization of an SQL parameter in prixanconnect module for PrestaShop

Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().