Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

GLPI Manageentities Local File Inclusion

GLPI Manageentities versions prior to 4.0.2 suffer from a local file inclusion vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#windows#ubuntu#linux#git#php#auth#firefox
SQL Monitor 12.1.31.893 Cross Site Scripting

SQL Monitor version 12.1.31.893 suffers from a cross site scripting vulnerability.

Grand Theft Auto III Vice City Skin File 1.1 Buffer Overflow

Grand Theft Auto III with Vice City Skin File version 1.1 suffers from a buffer overflow vulnerability.

CVE-2023-0977

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

Western Digital Security Breach – Hackers infiltrate Internal Systems

By Waqas The cyberattack has forced the technology giant to shut down and take some of its operations offline. This is a post from HackRead.com Read the original post: Western Digital Security Breach – Hackers infiltrate Internal Systems

CVE-2022-27665: What's New in WS_FTP Server 2020.0.0 (8.7.0)

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.

CVE-2023-28625: Release release 2.4.13.2 · OpenIDC/mod_auth_openidc

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

Mullvad VPN and Tor Project Release Mullvad Browser

By Waqas Mullvad VPN and the Tor Project Join Forces to Launch Mullvad Browser, a Privacy-Focused Web Browser. This is a post from HackRead.com Read the original post: Mullvad VPN and Tor Project Release Mullvad Browser

A week in security (March 27 - April 2)

Categories: News Tags: Lock and Code Tags: Anna Pobletts Tags: ChatGPT Tags: World Backup Day Tags: GitHub Tags: accidental breach Tags: DDoS service Tags: Instagram scammer Tags: top cyber threats of 2023 Tags: 3CX Tags: BingBang Tags: Apple Tags: EE phing Tags: phishing Tags: ransomware The most interesting security related news from the week of March 27 to April 2. (Read more...) The post A week in security (March 27 - April 2) appeared first on Malwarebytes Labs.