Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

ReQlogic 11.3 Cross Site Scripting

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby
Label Studio 1.5.0 Server-Side Request Forgery

Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.

CVE-2023-27701: MuYucms sqldel.html has Arbitrary file deletion vulnerability · Issue #9 · MuYuCMS/MuYuCMS

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html.

ChatGPT happy to write ransomware, just really bad at it

We asked ChatGPT to help us write some ransomware. It threw aside its safeguards and wrote some terrible code. (Read more...) The post ChatGPT happy to write ransomware, just really bad at it appeared first on Malwarebytes Labs.

CVE-2023-25197

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2.

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2.

Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo

Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to

CVE-2023-23330: Amano Xparc Local File Inclusion (CVE-2023–23330) - Saleh - Medium

amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.

ChatGPT helps both criminals and law enforcement, says Europol report

Categories: News Tags: ChatGPT Tags: large language models Tags: LLMs Tags: jailbreak Tags: restrictions Tags: impersonating Tags: misinformation Subject matter experts at Europol were asked to explore how criminals can abuse LLMs such as ChatGPT, as well as how they may assist investigators in their daily work (Read more...) The post ChatGPT helps both criminals and law enforcement, says Europol report appeared first on Malwarebytes Labs.

CVE-2023-28630: Releases - Version notes | GoCD

GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled, but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases, failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert, which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. This issue has been addressed and fixed in GoCD 23.1.0. Users are advi...