Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Apple Security Advisory 2023-03-27-5

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#mac#apple#google#cisco#js#php#auth#wifi
CVE-2023-27701: MuYucms sqldel.html has Arbitrary file deletion vulnerability · Issue #9 · MuYuCMS/MuYuCMS

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html.

CVE-2023-23330: Amano Xparc Local File Inclusion (CVE-2023–23330) - Saleh - Medium

amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.

CVE-2023-27700: MuYucms picdel.html has Arbitrary file deletion vulnerability · Issue #8 · MuYuCMS/MuYuCMS

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html.

ChatGPT helps both criminals and law enforcement, says Europol report

Categories: News Tags: ChatGPT Tags: large language models Tags: LLMs Tags: jailbreak Tags: restrictions Tags: impersonating Tags: misinformation Subject matter experts at Europol were asked to explore how criminals can abuse LLMs such as ChatGPT, as well as how they may assist investigators in their daily work (Read more...) The post ChatGPT helps both criminals and law enforcement, says Europol report appeared first on Malwarebytes Labs.

CVE-2023-1380: security - Re: A USB-accessible slab-out-of-bounds read in Linux kernel driver

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.

CVE-2023-1666: bug_report/SQLi-1.md at main · si-xiao-kai/bug_report

A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224104.

CVE-2023-27245: GitHub - flyasolo/File-Management-System

A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module.

CVE-2023-27241: GitHub - kaikai-11/WaterBilling-System

SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module.

CVE-2023-25828: CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)