#webkit

CVE-2023-45879: usd-2023-0019 - usd HeroLab

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.

12 months ago

#xss #csrf #vulnerability #web #php #webkit

CVE-2023-37790: Clarity PPM 14.3.0.298 Cross Site Scripting ≈ Packet Storm

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

12 months ago

CVE

Open in Source

#xss #vulnerability #web #windows #auth #chrome #webkit

CVE-2023-47102: Quantiano

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.

12 months ago

CVE

Open in Source

#web #ios #windows #apple #linux #js #java #chrome #webkit #firefox

CVE-2023-46485: TOTOlink X6000R command injection(setTracerouteCfg)

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.

12 months ago

CVE

Open in Source

#vulnerability #web #windows #apple #js #java #acer #chrome #webkit

CVE-2023-46484: TOTOlink X6000R command injetction (setLedCfg)

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.

12 months ago

CVE

Open in Source

#vulnerability #web #windows #apple #js #java #auth #chrome #webkit

Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws

Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP.

12 months ago

Wired

Open in Source

#xss #vulnerability #web #ios #android #mac #apple #google #microsoft #cisco #dos #intel #rce #pdf #vmware #buffer_overflow #samsung #huawei #auth #xiaomi #zero_day #chrome #webkit #sap

CVE-2023-45996: Vuln0wned Report: SQL Injection in member_type.php · Issue #216 · slims/slims9_bulian

SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.

12 months ago

CVE

Open in Source

#sql #csrf #vulnerability #web #windows #apple #php #chrome #webkit

CVE-2023-5566: shortcodes.php in smpl-shortcodes/tags/1.0.20/includes – WordPress Plugin Repository

The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

12 months ago

CVE

Open in Source

#xss #web #wordpress #php #auth #webkit

Safari Side-Channel Attack Enables Browser Theft

The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.

1 year ago

DARKReading

Open in Source

#vulnerability #web #ios #mac #apple #java #perl #chrome #webkit #firefox

Update now! Apple patches a raft of vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856 Tags: CVE-2023-40404 Tags: CVE-2023-41977 Tags: Vim Apple has released security updates for its phones, iPads, Macs, watches and TVs. (Read more...) The post Update now! Apple patches a raft of vulnerabilities appeared first on Malwarebytes Labs.

1 year ago

Malwarebytes

Open in Source

#vulnerability #web #ios #mac #apple #buffer_overflow #auth #webkit