211 matches found
Update now! Apple confirms vulnerabilities are already being exploited
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make su...
CVE-2024-11243
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-11243
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...
Online Shop Store 代码注入漏洞
Online Shop Store is an online store system from Online Shop Store, Inc. A code injection vulnerability exists in Online Shop Store version 1.0, which stems from a cross-site scripting vulnerability in the m2 parameter of the /signup.php file...
This Week in Spring - March 26th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language SpEL is coming to Spring Framework 6.2! This is interesting, and a nice application of AI do I even need to spell out "artificia...
haircollection-m2.com Improper Access Control vulnerability OBB-3800859
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-22181
A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...
Cross site scripting
A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...
PT-2023-11613 · Samsung · Samsung Sww-3400Rw Router
Name of the Vulnerable Software and Affected Versions: Samsung sww-3400rw Router devices affected versions not specified Description: A reflected cross site scripting XSS issue was found in Samsung sww-3400rw Router devices. The issue is related to the m2 parameter of the "sess-bin/command.cgi"...
SAMSUNG sww-3400rw 跨站脚本漏洞
The SAMSUNG sww-3400rw Router is a wireless router from Samsung South Korea. The SAMSUNG sww-3400rw suffers from a cross-site scripting vulnerability that originates from cross-site scripting via the m2 parameter of sess-bin/command.cgi...
CVE-2020-22181
A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...
Atlassian Confluence 7.13.15 < 7.13.19 / 7.19.7 < 7.19.11 / 8.1.1 < 8.4.1 DoS (CONFSERVER-90185)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-90185 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...
Metasploit Weekly Wrap-Up
Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...
Apache Tomcat DoS Vulnerability (May 2023) - Linux
Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...
Veritas NetBackup prior to 10.0 Privilege Escalation (VTS22-010#M2) (deprecated)
CVE-2023-28759 was part of VTS22-010M2 but is not any longer. It now appears on its own separate advisory, VTS23-006. A plugin for that advisory has replaced this one. %NASLMINLEVEL 80900 C Tenable, Inc. @DEPRECATED@ Disabled on 2022/05/12. Deprecated by veritasnetbackupVTS23-006.nasl...
New macOS malware steals sensitive info, including a user's entire Keychain database
A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...
New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords
A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer , it's the latest example of a threat that uses Telegram as a command-and-control C2 platform to exfiltrate data. It primarily affect...
macOS Patching Is Here!
In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt-in, bu...
CVE-2022-26367
Improper buffer restrictions in some IntelR XMMTM 7560 Modem software before version M27560R01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-27874
Improper authentication in some IntelR XMMTM 7560 Modem software before version M27560R01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access...