Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

10 Best Zippyshare Alternatives – Best File Sharing Services

By Waqas Zippyshare is no longer available after the service announced its shutdown on March 30th, 2023. This is a post from HackRead.com Read the original post: 10 Best Zippyshare Alternatives – Best File Sharing Services

HackRead
Open in Source
#web#ios#android#mac#windows#google#microsoft#linux
A week in security (April 10 - 16)

Categories: News Tags: Lock and Code S04E09 Tags: Bennett Cyphers Tags: Apple vulnerability Tags: phone charging station Tags: FBI Tags: Yum! Brands Tags: KFC Tags: Pizza Hut Tags: Patch Tuesday Tags: sextortion Tags: malvertising Tags: Weebly Tags: AI Tags: virtual kidnapping Tags: ransomware review Tags: ransomware in the UK Tags: ransomware in France The most interesting security related news from the week of April 10 - 16. (Read more...) The post A week in security (April 10 - 16) appeared first on Malwarebytes Labs.

CVE-2022-30076: ENTAB ERP 1.0 Information Disclosure ≈ Packet Storm

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

CVE-2022-28353: MyBB External Redirect Warning 1.3 Cross Site Scripting ≈ Packet Storm

In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.

CVE-2023-2101: mogu_blog_v2-FileRestApi#uploadPicsByUrl-存在SSRF漏洞(mogu_blog_v2-FileRestApi#uploadPicsByUrl has a SSRF vulnerability) · Issue #97 · moxi624/mogu_blog_v2

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Threat Roundup for April 7 to April 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 7 and April 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-2057: vul_report/XSS1.md at main · sleepyvv/vul_report

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.

CVE-2023-29847: Stored XSS Vulnerability on AeroCMS v0.0.1 · Issue #11 · MegaTKC/AeroCMS

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-29850: EXIF Geolocation Data Not Stripped From Uploaded Images · Issue #186 · slims/slims9_bulian

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.