Security Headlines

Tag: #web

Apple Security Advisory 11-30-2023-2

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Source: Packet Storm. Tags: xss, vulnerability, web, ios, apple, google, js, webkit.
CVE-2023-6759

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.

Ukraine’s Cyberattack Cripples Russia’s Tax System

By Waqas. The Ukrainian Military's Main Directorate of Intelligence (GUR) launches a devastating cyberattack on Russia's Federal Tax Service (FTS) and its IT infrastructure. (Source: HackRead.com)

CVE-2023-47320: Collaborative platform - open source Silverpeas is your intranet software

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

GHSA-6324-52pr-h4p5: Using a directory traversal payload ("/../") in a package name allows placement of a package in other folders.

Impact: Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.

GHSA-v98m-398x-269r: DOM-XSS on Backoffice login screen.

Impact: Cross-site scripting (XSS) enables attackers to inject malicious content into a website or application.

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of

How to Analyze Malware’s Network Traffic in A Sandbox

Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure

CVE-2023-6380: Multiple vulnerabilities in Alkacon Software OpenCms

An open redirect vulnerability has been found in the OpenCms product, affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible because the 'URI' parameter is not properly sanitized.

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an