
Tag

#web

Gentoo Linux Security Advisory 202401-02

Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.

Packet Storm
#vulnerability #web #mac #linux
Easy Chat Server 3.1 Denial Of Service

Easy Chat Server version 3.1 suffers from a denial of service vulnerability.

How to Be More Anonymous Online

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services

GHSA-vwv2-9wcj-64vx: Firefly III allows webhooks HTML Injection.

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

GHSA-g47j-3m2m-74qv: Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references.

Original Description: httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker-controlled filenames being written.

23andMe blames its users for the massive data breach

By Waqas. According to DNA service provider 23andMe, if you are a user, you are to be blamed for reusing your password on other sites. This is a post from HackRead.com.

Facebook introduces another way to track you – Link History

Facebook has announced it will roll out a new option called Link History to mobile users around the world. What does that mean?

23andMe blames “negligent” breach victims, says it’s their own fault

In a letter to legal representatives of data breach victims, 23andMe has responded that the victims themselves were to blame for re-using passwords.

SQLMAP - Automatic SQL Injection Tool 1.8

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.