#web

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

By Deeba Ahmed Yet another day, more unprotected data left in the Cloud without password or security measures. This is a post from HackRead.com Read the original post: Database Mess Up: 7TB of Healthcare Data Leak Affects 12 Million Patients

The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

The device allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

Categories: News Categories: Personal Categories: Privacy Tags: PimEyes Tags: minors Tags: children Tags: face search engine Tags: AI PimEyes says it has taken technical measures to block searches for children's faces as part of a no harm policy. (Read more...) The post Face search engine PimEyes stops searches of children’s faces appeared first on Malwarebytes Labs.

Ubuntu Security Notice 6438-2 - USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.