Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Crypto Currency Tracker (CCT) 9.5 Add Administrator

Crypto Currency Tracker (CCT) versions 9.5 and below suffer from a flaw that allows an administrative account to be added without authentication.

Packet Storm
#web#auth
Evsanati Radyo 1.0 Shell Upload

Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.

New Malware Turns Windows and macOS Devices into Proxy Nodes

By Habiba Rashid Malware-Driven Proxy Servers Exploit Unsuspecting Users. This is a post from HackRead.com Read the original post: New Malware Turns Windows and macOS Devices into Proxy Nodes

The Most Popular Digital Abortion Clinics, Ranked by Data Privacy

Telehealth companies that provide abortion pills are surging in popularity. Which are as safe as they claim to be?

This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on

CVE-2023-40068: Advanced Custom Fields (ACF)

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

CVE-2023-39939: LuxSoft Home

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

CVE-2023-4349: Chromium: CVE-2023-4349 Use after free in Device Trust Connectors

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2023-2312: Chromium: CVE-2023-2312 Use after free in Offline

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2023-4368: Chromium: CVE-2023-4368 Insufficient policy enforcement in Extensions API

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**