Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

How State and Local Governments Can Serve Citizens More Securely

The top 10 priorities of state CIOs underscore the importance of securing applications and APIs in complex environments.

DARKReading
#vulnerability#ios#git#perl#auth
Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes Mobile

A spoofed version of an Israeli rocket-attack alerting app is targeting Android devices, in a campaign that shows how cyber-espionage attacks are shifting to individual, everyday citizens.

Google Chrome to Mask User IP Addresses to Protect Privacy

By Waqas The feature is called IP Protection, and it's important to note that it is not a VPN. A VPN encrypts all of a user's traffic, while IP Protection only masks their IP address. This is a post from HackRead.com Read the original post: Google Chrome to Mask User IP Addresses to Protect Privacy

Debian Security Advisory 5531-1

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

CVE-2021-26734

Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.

How to Install Microsoft Exchange Updates with Reliability

By Owais Sultan Installing Microsoft Exchange Updates can be a challenging task, as it may lead to various issues in the… This is a post from HackRead.com Read the original post: How to Install Microsoft Exchange Updates with Reliability

CVE-2023-5205: Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wordfence Intelligence

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-4635: EventON <= 2.2.2 - Reflected Cross-Site Scripting — Wordfence Intelligence

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-5132: Soisy Pagamento Rateale <= 6.0.1 - Missing Authorization to Sensitive Information Exposure — Wordfence Intelligence

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).

CVE-2023-37824: [CVE-2023-37824] Improper neutralization of SQL parameters in the Sitolog Application Connect module from Sitolog for PrestaShop

Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php.