Tag
#vulnerability
The ABB BMS/BAS controller suffers from a weak password policy, allowing users to set overly simplistic or blank passwords and usernames without restrictions. This vulnerability significantly reduces account security, enabling attackers to exploit weak credentials for unauthorized access to the system.
The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.
Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.
SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.
A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
### Summary Once a user logins to one browser, all other browsers are logged in without entering password. Even incognito mode. ### Impact high
### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.13`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.
### Impact An argument injection vulnerability was discovered in `go-git` versions prior to `v5.13`. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to [git-upload-pack flags](https://git-scm.com/docs/git-upload-pack). This only happens when the `file` transport protocol is being used, as that is the only protocol that shells out to `git` binaries. ### Affected versions Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend users to enforce restrict validation rules for values passed in the URL field. ## Credit Thanks to @vin01 for responsibly disclosing this vulnerability to us.
New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.