Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

Threat Roundup (Feb. 24 - March 3)

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 24 and March 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

TALOS
Open in Source
#sql#vulnerability#web#mac#windows#google#microsoft#js#git#intel#c++#pdf#botnet#auth#chrome#firefox
CVE-2023-24643: mycve/SQLi-3.md at main · 594238758/mycve

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.

CVE-2023-24642: mycve/SQLi-2.md at main · 594238758/mycve

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.

CVE-2023-24641: mycve/SQLi-1.md at main · 594238758/mycve

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.

Real Estate CRM Pro 5.7 SQL Injection

Real Estate CRM Pro from IT Ways version 5.7 appears to suffer from a remote SQL injection vulnerability that can allow for authentication bypass.

ProtonVPN launches extensions for Chrome and Firefox browsers

By Waqas ProtonVPN is currently available in three packages, including one free and two paid. This is a post from HackRead.com Read the original post: ProtonVPN launches extensions for Chrome and Firefox browsers

Ubuntu Security Notice USN-5880-2

Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perf...

CVE-2023-26256: CVEs/CVE-2023-26256.md at main · 1nters3ct/CVEs

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

CVE-2023-26255: CVEs/CVE-2023-26255.md at main · 1nters3ct/CVEs

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.