Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CE Phoenix 1.0.8.20 Cross Site Scripting

CE Phoenix version 1.0.8.20 suffers from a persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#php#auth
PyroCMS 3.0.1 Cross Site Scripting

PyroCMS version 3.0.1 suffers from a persistent cross site scripting vulnerability.

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features such as custom encoding methods for client communication and in-memory execution,” Kaspersky security researcher Mert

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0)

Hackers Leak Thousands of Idaho National Lab Employees’ PII Data

By Waqas SiegedSec is the group responsible for the data breach at the Idaho National Laboratory (INL). This is a post from HackRead.com Read the original post: Hackers Leak Thousands of Idaho National Lab Employees’ PII Data

Windows Hello fingerprint authentication can be bypassed on popular laptops

Researchers have found several weaknesses in the fingerprint authentication for Windows Hello on popular laptops.

Citrix Bleed widely exploitated, warn government agencies

Citrix Bleed is being actively exploited by at least six cybercrime groups.

CVE-2023-49298: dnode_is_dirty: check dnode and its data for dirtiness by robn · Pull Request #15571 · openzfs/zfs

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.

CVE-2023-48708: Insertion of Sensitive Information into Log

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files.