Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-41629: CVE-Advisory/CVE-2023-41629-eSST-Path-Traversal.pdf at main · post-cyberlabs/CVE-Advisory

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.

CVE
Open in Source
#vulnerability#git#pdf
CVE-2023-41630: CVE-Advisory/CVE-2023-41630-eSST-Preauth-RCE.pdf at main · post-cyberlabs/CVE-Advisory

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.

CVE-2023-41631: CVE-Advisory/CVE-2023-41631-eSST-RCE.pdf at main · post-cyberlabs/CVE-Advisory

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function.

Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack

Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.

Amazon Quietly Wades Into the Passkey Waters

The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.

GHSA-g4mx-q9vg-27p4: urllib3's request body not stripped after redirect from 303 status changes request method to GET

urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 303 "See Other" after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although the behavior of removing the request body is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. From [RFC 9110 Section 9.3.1](https://www.rfc-editor.org/rfc/rfc9110.html#name-get): > A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. ## Affected usages Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believ...

UAE, US Partner to Bolster Financial Services Cybersecurity

The two countries agree to share financial services information and provide cross-border training and best practices.

Watch Out: Attackers Are Hiding Malware in 'Browser Updates'

Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.

Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users

By Deeba Ahmed KEY FINDINGS Cybersecurity firm Checkmarx has discovered a new wave of supply chain attacks exploiting bugs in popular… This is a post from HackRead.com Read the original post: Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users

CVE-2023-27133: TSPlus 16.0.0.0 Insecure Permissions ≈ Packet Storm

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.