Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

A DIY Guide To Become An Alone Long Time Bughunter For Ordinary People

Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.

Packet Storm
Open in Source
#vulnerability#web#ios#mac#windows#google#microsoft#git#wordpress#intel#php#ldap#pdf#bios#acer#zero_day#chrome#firefox
Magento eCommerce 2.4.0 Information Disclosure

Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.

Wizcyb Interactive 2.0 SQL Injection

Wizcyb Interactive version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

USB Flash Drives Control 4.1.0.0 Unquoted Service Path

USB Flash Drives Control version 4.1.0.0 suffers from an unquoted service path vulnerability.

CVE-2023-3144: Vulnerability/Online Discussion Forum Site - multiple vulnerabilities.md at main · Peanut886/Vulnerability

A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability.

CVE-2022-31693: CVE-2021-31693 VMware Tools Vulnerability in NetApp Products

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information

WordPress Updraft 0.6.1 Backup Disclosure

WordPress Updraft plugin version 0.6.1 suffers from an information disclosure vulnerability.

CVE-2023-3140: Security Advisories | KNIME

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.

CVE-2023-2541: Security Advisories | KNIME

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.