Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

PHPJabbers Meeting Room Booking System 1.0 Missing Rate Limiting

PHPJabbers Meeting Room Booking System version 1.0 suffers from a missing rate limiting vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#linux#dos#git#php#auth
PHPJabbers Cleaning Business Software 1.0 CSV Injection

PHPJabbers Cleaning Business Software version 1.0 suffers from a CSV injection vulnerability.

PHPJabbers Cinema Booking System 1.0 Cross Site Scripting

PHPJabbers Cinema Booking System version 1.0 suffers from reflective and persistent cross site scripting vulnerabilities.

PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting

PHPJabbers Cleaning Business Software version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting

PHPJabbers Cleaning Business Software version 1.0 suffers from multiple missing rate limiting vulnerabilities.

PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting

PHPJabbers Shared Asset Booking System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Act now! Ivanti vulnerabilities are being actively exploited

Several international security agencies are echoing a warning by Ivanti about actively exploited vulnerabilities in its VPN solution.

Mandiant: X Account Hacked in Brute-Force Attack Linked to ClinkSink Campaign

By Waqas Mandiant had its X account (formerly Twitter) hacked on January 3rd, 2024. This is a post from HackRead.com Read the original post: Mandiant: X Account Hacked in Brute-Force Attack Linked to ClinkSink Campaign

CVE-2024-0333: Chromium: CVE-2024-0333 Insufficient data validation in Extensions

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

GHSA-4mq2-gc4j-cmw6: Django Template Engine Vulnerable to XSS

### Impact **Vulnerability Type:** Cross-Site Scripting (XSS) **Affected Users:** All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. ### Patches The vulnerability has been addressed. The template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. Users are advised to upgrade to the latest version of the Django template engine for Fiber, where this security update is implemented. Ensure that the version of the template engine being used is the latest, post-patch version. ### Workarounds For users unable to upgrade immediately to the patched version, a workaround involves manually implementing autoescaping within individual Django templates. This method includes adding specific tags in...