Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2023-30122: bug_report/RCE-1.md at main · xtxxueyan/bug_report

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
CVE-2023-30203: bug_report/SQLi-2.md at main · debug601/bug_report

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.

CVE-2023-30077: cve_report/SQLi-1.md at main · Dzero57/cve_report

Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.

CVE-2023-30204: bug_report/SQLi-3.md at main · debug601/bug_report

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php.

OpenEMR 7.0.1 Authentication Bruteforce Mitigation Bypass

OpenEMR versions 7.0.1 and below remote authentication bruteforcing tool that bypasses mitigations.

PHPJabbers Simple CMS 5.0 Cross Site Scripting

PHPJabbers Simple CMS version 5.0 suffers from a persistent cross site scripting vulnerability.

CVE-2023-32007: Security | Apache Spark

** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0.

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.