Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

MVC Shop 0.5 Directory Traversal

MVC Shop version 0.5 suffers from a directory traversal vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#google#git#php#auth#firefox
PHP Live 3.1 Cross Site Scripting

PHP Live version 3.1 suffers from a cross site scripting vulnerability.

Acelle Email Marketing 4.0.25 Arbitrary File Upload

Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.

Kesion CMS X 2.0 Add Administrator

Kesion CMS X version 2.0 suffers from an unauthenticated add administrator vulnerability.

CVE-2023-3183: bugReport/XSS.md at main · wenwochunfeng/bugReport

A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.

Ransomware review: June 2023

Categories: Ransomware Categories: Threat Intelligence May saw a record number of 556 reported ransomware victims, the unusual emergence of Italy and Russia as major targets, and a significant rise in attacks on the education sector. (Read more...) The post Ransomware review: June 2023 appeared first on Malwarebytes Labs.

CVE-2023-0342: Ops Manager Server Changelog — MongoDB Ops Manager 6.0

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

Update your Cisco System Secure Client now to fix this AnyConnect bug

Categories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: anyconnect Tags: system secure client Tags: VPN Tags: bug Tags: patch Tags: update Tags: vulnerability Tags: SYSTEM We take a look at a recent update for Cisco Secure System Client and why you should apply the update as soon as possible. (Read more...) The post Update your Cisco System Secure Client now to fix this AnyConnect bug appeared first on Malwarebytes Labs.

CVE-2023-3177: cvv/Lost and Found Information System - multiple vulnerabilities.md at main · AnotherN/cvv

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.

CVE-2023-34243: Fix 500 error on entering a registered Windows login with invalid password by Cyberboss · Pull Request #1526 · tgstation/tgstation-server

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban.