Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Digisha CMS 1.2.7 SQL Injection

Digisha CMS version 1.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
Open in Source
#sql#vulnerability#windows#google#php#auth#firefox
DigaSell Digital Store PHP Script 1.0.0 SQL Injection

DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.

Doma CMS 1.0 Cross Site Scripting

Doma CMS version 1.0 suffers from a cross site scripting vulnerability.

Deprixa 3.2.5 Cross Site Request Forgery

Deprixa version 3.2.5 suffers from a cross site request forgery vulnerability.

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was

CVE-2023-38248: Adobe Security Bulletin

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal

Siemens RUGGEDCOM CROSSBOW

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM CROSSBOW ​Vulnerabilities: Out-of-bounds Read, Improper Privilege Management, SQL Injection, Missing Authentication for Critical Function 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary database queries via SQL injection attacks, create a denial-of-service condition, or write arbitrary files to the application's file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Siemens reports that the following server application is affected:  ​RUGGEDCOM CROSSBOW: Versions prior to V5.4 3.2 VULNERABILITY OVERVIEW 3.2.1 ​OUT-OF-BOUNDS READ CWE-125 ​An issue found in SQLite3 v.3.35.4 that could allow a remote attacker to cause a denial of service via the appendvfs.c function. ​CVE-2021-31239 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is...

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method, an app that has over 455 million monthly active