
Tag

#ios

CVE-2023-37601: Office Suite Premium 10.9.1.42602 Local File Inclusion ≈ Packet Storm

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.

CVE-2023-38617: Office Suite Premium 10.9.1.42602 Cross Site Scripting ≈ Packet Storm

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.

The federal government’s cybersecurity policies are falling into place just in time to be stalled again

Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.’s critical infrastructure security (and more).

OpenSSH Forwarded SSH-Agent Remote Code Execution

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

CVE-2023-3786: Full Disclosure: Aures Booking & POS Terminal

A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.

Aures Booking And POS Terminal Local Privilege Escalation

Aures Booking and POS Terminal suffers from a local privilege escalation vulnerability.

Dooblou WiFi File Explorer 1.13.3 Cross Site Scripting

Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.