# webkit

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

#vulnerability #web #ios #mac #apple #google #zero_day #webkit

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

2 years ago

The Hacker News

WordPress Elementor Lite 5.7.1 Arbitrary Password Reset

#vulnerability #web #ios #mac #apple #google #rce #zero_day #webkit #sap #The Hacker News

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. Versions 5.7.1 and below are affected.

2 years ago

CVE-2023-2203: Invalid Bug ID

#vulnerability #web #windows #apple #git #wordpress #intel #backdoor #auth #chrome #webkit #sap

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

2 years ago

CVE-2023-31903: OffSec’s Exploit Database Archive

#vulnerability #web #linux #red_hat #dos #webkit

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

2 years ago

CVE-2023-31904: OffSec’s Exploit Database Archive

#web #windows #apple #linux #php #rce #auth #chrome #webkit #ssl

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.

2 years ago

Ivanti Avalanche FileStoreConfig Shell Upload

#web #mac #apple #auth #webkit #wifi

Ivanti Avalanche versions prior to 6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve remote command execution as NT AUTHORITY\SYSTEM.

2 years ago

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection

#vulnerability #web #js #git #java #rce #xpath #auth #webkit

GaanaGawaana Music Platform PHP Script version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

2 years ago

Red Hat Security Advisory 2023-2834-01

#sql #xss #vulnerability #web #mac #windows #apple #google #apache #git #php #auth #chrome #webkit

Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

2 years ago

#vulnerability #web #google #linux #red_hat #js #c++#buffer_overflow #webkit

CVE-2023-31572: CVE-nu11secur1ty/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 at main · nu11secur1ty/CVE-nu11secur1ty

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.

2 years ago