Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-45527: IMS has an arbitrary file upload vulnerability · Issue #2 · Future-Depth/IMS

File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#php#auth#chrome#webkit
CVE-2022-45526: IMS has SQL injection vulnerability · Issue #1 · Future-Depth/IMS

SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.

Stalkerware-type app developers fined by NY Attorney General

Categories: News Tags: stalkerware Tags: mobile Tags: device Tags: NYAG Tags: monitoring Tags: New York Tags: app Tags: developer We take a look at news that the NYAG has penalised developers of stalkerware-type apps, and the ramifications for those developers further down the line. (Read more...) The post Stalkerware-type app developers fined by NY Attorney General appeared first on Malwarebytes Labs.

CVE-2022-47419: Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.

CVE-2023-0705: Stable Channel Update for Desktop

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS

Categories: Business See how our new offering Malwarebytes Security for Business helps you crush mobile malware and phishing attacks. (Read more...) The post Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS appeared first on Malwarebytes Labs.

CVE-2022-41342: INTEL-SA-00773

Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.7.1. for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2023-24276: ttt/18 at main · Am1ngl/ttt

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

CVE-2023-23937: [Task]: Mime type check on Profile Avatar upload (#14125) · pimcore/pimcore@75a448e

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16.

CVE-2021-36443: CSRF vulnerability in imcat v5.4 · Issue #9 · peacexie/imcat

Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.