#web

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Categories: Personal Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it. (Read more...) The post 3 crucial security steps people should do, but don't appeared first on Malwarebytes Labs.

Categories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: IOS X Tags: remote management Tags: vulnerability Tags: CVE-2023-20198 Tags: webUI Tags: http server Tags: http secure-server Researchers have found that a recently disclosed vulnerability in Cisco IOS XE has already rendered thousands of compromised devices. (Read more...) The post Cisco IOS XE vulnerability widely exploited in the wild appeared first on Malwarebytes Labs.

By Owais Sultan In the complex, fast-paced universe of the internet, where businesses battle fiercely to rank higher on search engine… This is a post from HackRead.com Read the original post: Link Farming: SEO Boost or Cybersecurity Threat?

Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.

By Waqas The Fantom Foundation has acknowledged the breach and is currently conducting an investigation after hackers managed to steal more than $550,000 in cryptocurrency. This is a post from HackRead.com Read the original post: Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day Flaw

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.

The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.