Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-36121: OffSec’s Exploit Database Archive

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#apache#js#php#auth#chrome#webkit#ssl
Red Hat Insights Compliance: Introducing new customization options for policies

Maintaining compliance to cybersecurity standards can be a daunting task, but you can mitigate that by using Red Hat Insights. With the latest feature update, the Red Hat Insights Compliance reporting service now allows you to edit the rules in your policies to meet your organization's requirements, giving you visibility and control over your servers. Red Hat Insights is a managed service, included with every Red Hat Enterprise Linux (RHEL) subscription, that continuously analyzes platforms and applications to help you manage your hybrid cloud environment. Red Hat Insights uses predictive a

Joomla JLex Review 6.0.1 Cross Site Scripting

Joomla JLex Review extension version 6.0.1 suffers from a cross site scripting vulnerability.

General Device Manager 2.5.2.2 Buffer Overflow

General Device Manager version 2.5.2.2 suffers from a buffer overflow vulnerability.

CoolAdmin 1.0 SQL Injection

CoolAdmin version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE-2023-4045: Security Vulnerabilities fixed in Firefox ESR 102.14

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

CVE-2023-4052: Invalid Bug ID

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.

CVE-2023-34634: GreenShot 1.2.10 Arbitrary Code Execution ≈ Packet Storm

Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.

Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. "The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive