Security
Headlines

Tag

#windows

DANGEROUS MAILER-CLONED 2.0 Information Disclosure

DANGEROUS MAILER-CLONED version 2.0 suffers from an information leakage vulnerability.

Packet Storm
#vulnerability #windows #google #php #auth #firefox

DaillyTools Remote Command Execution

DaillyTools suffers from a remote command execution vulnerability.

CakePHP Test Suite 2.7.0 Cross Site Scripting

CakePHP Test Suite version 2.7.0 suffers from a cross site scripting vulnerability.

Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Local File Inclusion

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a local file inclusion vulnerability.

AGVirtues Galeria 2.0 SQL Injection

AGVirtues Galeria version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE-2023-37192: The Bitcoin app is vulnerable to hackers!

Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.

Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report. "When given the opportunity, TA453

CVE-2020-21861: Insecure configuration causes getshell · Issue #I182Y4 · 王爷/DuxCMS2.1 (supports PHP 7.0 and above) - Gitee.com

File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.

CVE-2023-35937: Metersphere has a missing permission check vulnerability

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue.

RHSA-2023:3925: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...