Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-2130: bug_report/SQLi.md at main · zitozito1/bug_report

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#php#auth#chrome#webkit
Apple's Macs Have Long Escaped Ransomware. That May Be Changing

The discovery of malicious encryptors for Apple computers could herald new risks for macOS users if the malware continues to evolve.

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot (aka Qakbot or Pinkslipbot) is a banking

AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation

AspEmail version 5.6.0.2 suffers from weak permission vulnerability that allows for local privilege escalation.

Bang Resto 1.0 SQL Injection

Bang Resto version 1.0 suffers from multiple SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty in December of 2022.

Bang Resto 1.0 Cross Site Scripting

Bang Resto version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-27755: go-bbs has an arbitrary file download vulnerability · Issue #10 · gobbscom/go-bbs

go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download.

Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight

Categories: Business Good tools gone bad. (Read more...) The post Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight appeared first on Malwarebytes Labs.

Update Chrome now! Google patches actively exploited flaw

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome zero-day Tags: CVE-2023-2033 Tags: V8 flaw Tags: V8 Google has released an updated version of Chrome to address a zero-day flaw that is being exploited in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited flaw appeared first on Malwarebytes Labs.

Fake Chrome updates spread malware

Categories: News Tags: chrome Tags: browser Tags: update Tags: fake Tags: malware Tags: monero Tags: miner Tags: cryptocurrency Tags: rogue Tags: hacked Tags: compromised Tags: site Tags: website We take a look at a slew of hacked websites pushing fake Chrome updates which are Monero miner malware in disguise. (Read more...) The post Fake Chrome updates spread malware appeared first on Malwarebytes Labs.