Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

WordPress Profile Builder 3.0.5 SQL Injection

WordPress Profile Builder plugin version 3.0.5 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#wordpress#php#perl#auth#ruby#firefox
Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available

Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.

Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter?

We tried to get ChatGPT to write this week’s newsletter but it was at capacity, so you’ll have to stick with us for another week. Or maybe that’s just what the robots want you to think, you be the judge

Securing the World's Energy Systems: Where Physical Security and Cybersecurity Must Meet

Energy has become the new battleground for both physical and cyber security warfare, driven by nation-state actors, increasing financial rewards for ransomware gangs and decentralized devices. Chris Price reports.

CVE-2022-43591: TALOS-2022-1650 || Cisco Talos Intelligence Group

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

CVE-2022-40983: TALOS-2022-1617 || Cisco Talos Intelligence Group

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

WhatsApp lawsuit against NSO Group greenlit by Supreme Court

Categories: News Tags: Pegasus Tags: spyware Tags: Pegasus spyware Tags: NSO Group Tags: NSO Tags: Apple Tags: WhatsApp Tags: Meta Tags: Foreign Sovereign Immunity Act The US Supreme Court essentially gave Meta’s WhatsApp the go ahead to pursue their case against Pegasus’s NSO Group. (Read more...) The post WhatsApp lawsuit against NSO Group greenlit by Supreme Court appeared first on Malwarebytes Labs.

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: CVE-2023-21674 Tags: APLC Tags: CVE-2023-21743 Tags: Sharepoint Tags: CVE-2023-21563 Tags: BitLocker The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges (Read more...) The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.

CVE-2017-14454: TALOS-2017-0502 || Cisco Talos Intelligence Group

Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.