Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Roxy Fileman 1.4.5 Shell Upload

Roxy Fileman versions 1.4.5 and below for .NET suffer from a remote shell upload vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#apple#microsoft#js#java#php#auth#chrome#webkit
WebsiteBaker 2.13.3 Cross Site Scripting

WebsiteBaker version 2.13.3 suffers from a cross site scripting vulnerability.

dotclear 2.25.3 Shell Upload

dotclear version 2.25.3 suffers from a remote shell upload vulnerability.

Paradox Security Systems IPR512 Denial Of Service

Paradox Security Systems version IPR512 suffers from a denial of service vulnerability.

CVE-2023-1969: bug_report/SQLi-1.md at main · Gear-D/bug_report

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. The two vulnerabilities are as follows - CVE-2023-28205 - A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content. CVE-2023-28206 - An out-of-bounds write issue in

CVE-2023-23762: Release notes - GitHub Enterprise Server 3.7 Docs

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.

TikTok, Other Mobile Apps Violate Privacy Regulations

App developers are ignoring laws and guidelines regulating data protection measures aimed at minors, putting their monetization plans in jeopardy and risking user trust.

CVE-2023-27808: H3C Magic R100 was discovered stack overflow via the DeltriggerList interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.