Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-5763: Eclipse GlassFish Security Guide, Release 7

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

CVE
Open in Source
#xss#vulnerability#web#mac#windows#linux#dos#apache#js#git#java#oracle#intel#perl#ldap#amd#buffer_overflow#acer#auth#ssh#maven#ssl
CVE-2023-43982: [CVE-2023-43982] Server-Side Request Forgery (SSRF) in Bon Presta - SocialFeed - Photos & Video/Reels using the Instagram API for PrestaShop

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.

CVE-2023-41914: Security Policy | SchedMD

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

CVE-2023-36621: Stored XSS & Privilege Escalation in Boomerang Parental Control App

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.

CVE-2023-34261: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.

GHSA-xr8c-mq5x-5f56: Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.

CVE-2023-42029: Security Bulletin: "Cross Site Scripting" affects IBM CICS TX Standard and IBM CICS TX Advanced

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.

CVE-2023-42027: Security Bulletin: "Cross Site Request Forgery" affects IBM CICS TX Advanced and IBM CICS TX Standard

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.

Exploring Software Categories: From Basics to Specialized Applications

By Waqas Software is the backbone of modern technology, serving various purposes across different sectors. The vast array of software… This is a post from HackRead.com Read the original post: Exploring Software Categories: From Basics to Specialized Applications

CVE-2023-46352: [CVE-2023-46352] Exposure of Private Personal Information to an Unauthorized Actor in Smart Modules - Pixel Plus: Events + CAPI + Pixel Catalog for Facebook module for PrestaShop

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.