Tag

#web

YouTube Takes on Ad Blockers with Warning Pop-Ups

By Waqas. Using YouTube? You might need to disable your ad blocker or whitelist YouTube.com. This is a post from HackRead.com.

Is It Possible to Delete Yourself From the Internet Altogether?

By Owais Sultan. Believe it or not, the internet is now over half a century old. Of course, it has really… This is a post from HackRead.com.

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

CVE-2023-35024: IBM Cloud Pak for Business Automation cross-site scripting CVE-2023-35024 Vulnerability Report

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.

The US Congress Was Targeted With Predator Spyware

Plus: Hamas raised millions in crypto, Exxon used hacked data, and more.

CVE-2023-1259: class-hotjar.php in hotjar/tags/1.0.14/includes – WordPress Plugin Repository

The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE-2023-30148: [CVE-2023-30148] Multiple cross-site scripting (XSS) vulnerabilities in the Multi html block (opartmultihtmlblock) module and multihtmlblock* sub-modules from Opart for PrestaShop

Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.

CVE-2023-30154: [CVE-2023-30154] Improper neutralization of SQL parameters in AfterMail (aftermailpresta) module from Shoprunners for PrestaShop

Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the `id_product` parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.

CVE-2023-45853: Minizip: Zip and UnZip additional library

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.

Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group

By Waqas. Third-Party Data Breach Suspected in Online Files Linked to Colonial Pipeline. This is a post from HackRead.com.