Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Solving the password’s hardest problem with passkeys, featuring Anna Pobletts

Categories: Podcast This week on Lock and Code, we speak with Anna Pobletts about the death of passwords, and how passkeys can become the non-compromising fix to authentication's biggest problems. (Read more...) The post Solving the password’s hardest problem with passkeys, featuring Anna Pobletts appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#mac#apple#google#git#auth
CVE-2023-27796: my-vuls/RG-EW PRO Series at main · winmt/my-vuls

RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua.

India Shut Down Mobile Internet in Punjab Amid Manhunt for Amritpal Singh

Plus: The “Clop” gang's ransomware spree, the DC Health Link breach comes into focus, and more.

Online Graduate Tracer System 1.0 SQL Injection

Online Graduate Tracer System version 1.0 suffers from a remote SQL injection vulnerability.

Sales Tracker Management System 1.0 Cross Site Scripting

Sales Tracker Management System version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-27242: Loan-Management-System/README.md at main · kaikai-11/Loan-Management-System

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.

CVE-2023-1612: SQL injection vulnerability exists in the /files/list-file interface of the rebuild system · Issue #598 · getrebuild/rebuild

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.

CVE-2023-1610: SQL injection vulnerability exists in the /project/tasks/list interface of the rebuild system · Issue #597 · getrebuild/rebuild

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability.

CVE-2023-27135: ttt/29 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.

CVE-2022-30037: XunRuiCMS v4.3.3 to v4.5.1 backstage code injection vulnerability(file write and file inclusion)

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.