Security Headlines

Tag: #git

Embracing Minimalism: The “Less is More” Approach in UI/UX Design

By Owais Sultan. In user interface (UI) and user experience (UX) design, the principle of “less is more” has emerged as… This is a post from HackRead.com. Read the original post: Embracing Minimalism: The “Less is More” Approach in UI/UX Design

New BEC 3.0 Attack Exploiting Dropbox for Phishing

By Deeba Ahmed. This is an active campaign, with 5,440 attacks detected in the first two weeks of September. (HackRead.com)

Chinese Hackers Are Hiding in Routers in the US and Japan

Plus: Stolen US State Department emails, $20 million zero-day flaws, and controversy over the EU’s message-scanning law.

CVE-2023-5300: CV3Cyb3R/2023/TTSPlanning/TTSPlanning.md at main · CV3TR4CK/CV3Cyb3R

A vulnerability classified as critical has been found in TTSPlanning up to version 20230925. An unknown part of the application is affected. Manipulation of the argument uid leads to SQL injection, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.

CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions from 16.0 before 16.2.8, from 16.3 before 16.3.5, and from 16.4 before 16.4.1. An authenticated attacker could perform arbitrary pipeline execution in the context of another user.

CVE-2023-5298: cve/sql.md at main · szh0105/cve

A vulnerability was found in Tongda OA 2017 and has been rated as critical. Affected is some unknown functionality of the file general/hr/recruit/requirements/delete.php. Manipulation of the argument REQUIREMENTS_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 addresses this issue; upgrading the affected component is recommended. VDB-240938 is the identifier assigned to this vulnerability.
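The TTSPlanning (argument uid) and Tongda OA (argument REQUIREMENTS_ID) entries above describe the same bug class: a request parameter spliced into an SQL statement. Neither advisory on this page shows the affected code, so the PHP below is an added illustration written for this page, not code from either project. The table, the sample rows, the payload and the handler names deleteVulnerable and deleteSafe are assumptions, and an in-memory SQLite database stands in for a real application database.

```php
<?php
// Added example for this page: a hypothetical "delete by id" handler in the
// style of a PHP web application, shown in a vulnerable form and a hardened
// form. Not Tongda OA's or TTSPlanning's code; table, rows and names are
// constructed for the demo.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE requirements (id INTEGER PRIMARY KEY, title TEXT)');

function seed(PDO $db): void
{
    $db->exec("DELETE FROM requirements");
    $db->exec("INSERT INTO requirements (id, title) VALUES (1, 'backend'), (2, 'frontend'), (3, 'qa')");
}

function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM requirements')->fetchColumn();
}

// Vulnerable form: the request parameter is concatenated into the SQL text,
// so anything the client sends becomes part of the statement.
function deleteVulnerable(PDO $db, string $requirementsId): int
{
    return $db->exec("DELETE FROM requirements WHERE id = " . $requirementsId);
}

// Hardened form: validate the parameter as a positive integer, then bind it
// with a prepared statement so the database treats it as data, never as SQL.
function deleteSafe(PDO $db, string $requirementsId): int
{
    $id = filter_var($requirementsId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('REQUIREMENTS_ID must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM requirements WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed hostile value, as it would arrive in ?REQUIREMENTS_ID=1 OR 1=1
$payload = '1 OR 1=1';

seed($db);
$removed = deleteVulnerable($db, $payload);
echo "vulnerable handler removed {$removed} row(s); " . countRows($db) . " remain" . PHP_EOL;

seed($db);
try {
    deleteSafe($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "hardened handler rejected the payload: " . $e->getMessage() . PHP_EOL;
}
echo countRows($db) . " row(s) remain after the rejected request" . PHP_EOL;

// A legitimate request still works through the hardened handler.
$removed = deleteSafe($db, '2');
echo "hardened handler removed {$removed} row(s) for id 2; " . countRows($db) . " remain" . PHP_EOL;
```

Run it with `php example.php` (the pdo_sqlite extension must be loaded). The concatenated form turns `1 OR 1=1` into `DELETE ... WHERE id = 1 OR 1=1`, which matches every row; the prepared statement never interpolates the value, and the integer validation rejects the payload before it reaches the database at all. Validation alone is not the fix (a text column would need a different check), the bound parameter is; the validation is defence in depth.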

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The flaws were reported anonymously in June 2022. The list is as follows: CVE-2023-42114 (CVSS score: 3.7), Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability

GHSA-pp4w-g5p4-85p2: phpMyFAQ Cross-site Scripting vulnerability

DOM-based cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to version 3.1.18.

GHSA-5jwv-m8h3-69cg: phpMyFaq Cross-site Scripting vulnerability

Stored cross-site scripting (XSS) in the GitHub repository thorsten/phpmyfaq prior to version 3.1.18.