Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-49485: cms/There is a storage type XSS in the column management department.md at main · Rabb1ter/cms

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.

CVE
Open in Source
#xss#vulnerability#git
CVE-2023-49487: cms/There is a stored XSS in the navigation management office.md at main · Rabb1ter/cms

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

CVE-2023-49444: GitHub - woshinibaba222/DoraCMS-File-Upload-Vulnerability

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

CVE-2023-49443: GitHub - woshinibaba222/DoraCMS-Verification-Code-Reuse

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

CVE-2023-49484: cms/There is a storage based XSS in the article management department.md at main · jiaofj/cms

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.

CVE-2023-6245: fix error msg for empty type by chenyan-dfinity · Pull Request #478 · dfinity/candid

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS

By Waqas Another day, another Bluetooth vulnerability impacting billions of devices worldwide! This is a post from HackRead.com Read the original post: Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS

Cracked macOS Software Laced with New Trojan Proxy Malware

By Deeba Ahmed Stop installing pirated and cracked software to ensure the protection of your devices against Proxy Trojan and other new malware threats. This is a post from HackRead.com Read the original post: Cracked macOS Software Laced with New Trojan Proxy Malware

Ransomware-as-a-Service: The Growing Threat You Can't Ignore

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit