Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-5471: cve/Farmacia System.pdf at main · miziha6/cve

A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608.

CVE
Open in Source
#sql#vulnerability#mac#git#php#pdf
The Israel-Hamas War Erupts in Digital Chaos

Hacktivism is increasingly a feature of modern kinetic warfare. It’s playing out with particular ferocity in the conflict between Israel and Hamas.

CVE-2023-43641: Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution.

GHSA-gjjr-63x4-v8cq: langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

CVE-2023-44812: GitHub - ahrixia/CVE-2023-44812: mooSocial v3.1.8 is vulnerable to cross-site scripting on Admin redirect function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.

CVE-2023-44813: GitHub - ahrixia/CVE-2023-44813: mooSocial v3.1.8 is vulnerable to cross-site scripting on Invite Friend function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

CVE-2023-43271: vuln/70mai_a500s_backdoor.md at master · Question-h/vuln

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols.

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

CVE-2023-44811: GitHub - ahrixia/CVE-2023-44811: mooSocial v3.1.8 is vulnerable to Cross Site Request Forgery (CSRF) which allows attacker to change admin password.

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.

CVE-2023-44400: Admin (portal user) Audit Logs and Activities · Issue #3481 · louislam/uptime-kuma

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.