Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

CVE-2020-27449: Release Notes - ManageEngine Password Manager Pro

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#ubuntu#linux#cisco#dos#apache#redis#js#git#java#oracle#intel#c++#backdoor#rce#perl#ldap#nginx#samba#pdf#vmware#aws#log4j#oauth#auth#ssh#telnet#ibm#ruby#postgres#jira#chrome#firefox#sap#ssl
CVE-2020-28849: Cross Site Scripting Vulnerability leading to Remote File Inclusion · Issue #5477 · ChurchCRM/CRM

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

Ubuntu Security Notice USN-6278-2

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

Ubuntu Security Notice USN-6277-2

Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.

Request-Baskets 1.2.1 Server-Side Request Forgery

Request-Baskets version 1.2.1 suffers from a server-side request forgery vulnerability.

GHSA-6xjj-v76v-fwpj: Mattermost does not validate requesting user permissions before updating admin details

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

Google’s “browse privately” is nothing more than a word play, lawyers say

Categories: News Categories: Privacy Tags: Google Tags: Chrome Tags: Incognito Tags: private mode Tags: fingerprinting Tags: cookies Tags: tracking Private browsing is not what users expect it to be (Read more...) The post Google’s “browse privately” is nothing more than a word play, lawyers say appeared first on Malwarebytes Labs.

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 

CVE-2023-40225

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.