Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises CVE-2023-28432 (CVSS score: 7.5) and

The Hacker News
Open in Source
#vulnerability#web#windows#linux#git#backdoor#rce#auth#The Hacker News
RHSA-2023:4910: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update

Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a ma...

ImpressionTech CMS 1.4 SQL Injection

ImpressionTech CMS version 1.4 suffers from a remote SQL injection vulnerability.

Impress CMS 1.3.9 Open Redirection

Impress CMS version 1.3.9 suffers from an open redirection vulnerability.

ImgHosting 1.3 HTML Injection

ImgHosting version 1.3 suffers from a html injection vulnerability.

Humhub 1.3.13 Shell Upload

Humhub version 1.3.13 suffers from a remote shell upload vulnerability.

CVE-2023-4749: 【CVE-2023-4749】Open Source AMPLE Inventory Management System v1.0 by mayuri_k has a File Inclusion Vulnerability

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.

A week in security (August 28 - September 3)

Categories: News Tags: week Tags: security Tags: August Tags: 2023 A list of topics we covered in the week of August 28 to September 3, 2023. (Read more...) The post A week in security (August 28 - September 3) appeared first on Malwarebytes Labs.

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A

CVE-2023-4736: patch 9.0.1833: [security] runtime file fixes · vim/vim@816fbcc

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.