
Snyk
added 2023/12/18 9:18 p.m. · 7 views

Authentication Bypass by Capture-replay

Overview: Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established. Note: 1 Sequence numbers...

CVSS 5.9 · AI score 7.2 · EPSS 0.93305
Exploits 4 · References 3
OSV
added 2023/12/18 7:18 p.m. · 5 views

GHSA-RJHF-4MH8-9XJQ Zerocopy: Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

AI score 7.3
Exploits 0 · References 5
Github Security Blog
added 2023/12/18 7:18 p.m. · 14 views

Zerocopy: Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

AI score 7.3
Exploits 0 · References 5 · Affected software 1
Trellix
added 2023/12/18 12:00 a.m. · 9 views

Cybercrooks leveraging anti automation toolkit for phishing campaigns

By Vihar Shah and Rohan Shah, December 18, 2023. Threat actors have a track record of abusing tools hosted on GitHub for malicious purposes. Last year we showed how attackers abused Python's tarfile module. Trellix Advanced...

AI score 6.8
Exploits 0
Github Security Blog
added 2023/12/15 3:48 a.m. · 10 views

Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

This advisory is also published as RUSTSEC-2023-0074. The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B type...

AI score 7.3
Exploits 0 · References 5 · Affected software 1
OSV
added 2023/12/14 12:00 p.m. · 8 views

RUSTSEC-2023-0074 Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

AI score 7.3
Exploits 0 · References 3
RustSec
added 2023/12/14 12:00 p.m. · 3 views

Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

AI score 7.3
Exploits 0 · Affected software 1
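The OSV, GitHub and RustSec entries above all describe the same zerocopy advisory: a method that consumes a cell::Ref guard and hands back a plain reference is unsound, because the guard is dropped (and the RefCell's borrow counter decremented) while the reference lives on. The following Rust example is added here and is not zerocopy's code; it reproduces that pattern with only std's cell::Ref so it runs without the zerocopy crate. The function names into_ref_unsound, as_ref_sound, probe_unsound and probe_sound and the RefCell<u32> sample value are hypothetical.

```rust
use std::cell::{Ref, RefCell};

// Hypothetical analogue of the unsound pattern (not zerocopy's code): take a
// `cell::Ref` guard by value and return a plain reference with the guard's
// outer lifetime. The guard is dropped inside the function, which decrements
// the RefCell's borrow counter, yet the returned `&'a T` stays alive.
fn into_ref_unsound<'a, T>(guard: Ref<'a, T>) -> &'a T {
    let ptr: *const T = &*guard;
    drop(guard); // borrow count returns to zero here
    // SAFETY: none. The cell no longer knows this reference exists; this is
    // exactly the soundness hole being demonstrated. Do not copy this.
    unsafe { &*ptr }
}

// Sound alternative: borrow the guard instead of consuming it, so the returned
// reference cannot outlive the guard and the cell keeps counting the borrow.
fn as_ref_sound<'g, 'a, T>(guard: &'g Ref<'a, T>) -> &'g T {
    &**guard
}

/// Returns (mutable borrow granted while the shared reference is live, value read).
fn probe_unsound(cell: &RefCell<u32>) -> (bool, u32) {
    let r: &u32 = into_ref_unsound(cell.borrow());
    // The cell believes it is unborrowed, so a mutable borrow is granted while
    // `r` is still usable: aliasing that safe code must never be able to reach.
    let granted = cell.try_borrow_mut().is_ok();
    (granted, *r)
}

/// Same probe with the guard kept alive: the runtime borrow check refuses.
fn probe_sound(cell: &RefCell<u32>) -> (bool, u32) {
    let guard = cell.borrow();
    let r: &u32 = as_ref_sound(&guard);
    let granted = cell.try_borrow_mut().is_ok();
    (granted, *r)
}

fn main() {
    // Constructed sample value.
    let cell = RefCell::new(7u32);
    let (u, _) = probe_unsound(&cell);
    let (s, _) = probe_sound(&cell);
    println!("unsound into_ref: mutable borrow granted while &T live = {u}"); // true
    println!("sound as_ref:     mutable borrow granted while &T live = {s}"); // false
}
```

The probe deliberately stops at try_borrow_mut().is_ok() rather than writing through the RefMut; the point is that the counter is already wrong, which is the condition under which safe code can later obtain a &mut aliasing the leaked &T.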
CNVD
added 2023/12/08 12:00 a.m. · 14 views

PrestaShop SQL Injection Vulnerability (CNVD-2023-9749945)

PrestaShop is an open-source e-commerce solution from the company of the same name. It provides a variety of payment methods, SMS alerts, product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the module havi...

CVSS 9.8 · AI score 8 · EPSS 0.00766
Exploits 0 · References 1
RedHat Linux
added 2023/12/07 12:21 p.m. · 1 view

openssl: Certificate policy check not enabled

A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy function is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, allowing certificates with invalid or incorrect policies to pass t...

CVSS 5.3 · AI score 6.6 · EPSS 0.01629
Exploits 0 · References 5
The Hacker News
added 2023/12/06 11:44 a.m. · 30 views

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easil...

AI score 7
Exploits 0
Veracode
added 2023/11/29 7:43 a.m. · 41 views

Denial Of Service (DoS)

org.springframework:spring-web is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of validation of HTTP methods in DefaultServerRequestObservationConvention.java. This allows an attacker to inject specially crafted HTTP requests that may cause a denial of service. Note tha...

CVSS 7.5 · AI score 6.9 · EPSS 0.0115
Exploits 0 · References 4 · Affected software 1
GithubExploit
added 2023/11/24 10:30 a.m. · 39 views

Exploit for Unsafe Reflection in Hsqldb Hypersql_Database

Research into CVE-2022-41853: using static functions to obtain...

CVSS 9.8 · AI score 8.8 · EPSS 0.03519
Exploits 1
OSV
added 2023/11/23 1:15 p.m. · 2 views

CVE-2023-4594

Stored XSS vulnerability that could allow an attacker to store a malicious JavaScript payload via GET and POST requests to multiple parameters of the MailAdmindll.htm file...

CVSS 5.4 · AI score 5.8 · EPSS 0.00388
Exploits 0 · References 1
Prion
added 2023/11/22 10:15 a.m. · 18 views

Design/Logic Flaw

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS 5 · AI score 7.2 · EPSS 0.00511
Exploits 0 · References 1 · Affected software 1
Cvelist
added 2023/11/22 9:56 a.m. · 23 views

CVE-2023-6189 Improper Permission Handling in M-Files Server

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS 4.3 · AI score 5.6 · EPSS 0.00511
Exploits 0 · References 2
CVE
added 2023/11/22 9:56 a.m. · 80 views

CVE-2023-6189

The CVE-2023-6189 entry concerns the M-Files server prior to version 23.11.13156.0, where a lack of proper access permissions checks allows an attacker to perform data write and export operations via the M-Files API. Affected component: M-Files server; root cause: missing access control on API me...

CVSS 5.3 · AI score 4.9 · EPSS 0.00511
Exploits 0 · References 3 · Affected software 1
Microsoft Secure
added 2023/11/21 5:00 p.m. · 22 views

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.[1] Identi...

AI score 7.2
Exploits 0
WPVulnDB
added 2023/11/18 12:00 a.m. · 29 views

Paid Memberships Pro < 2.12.4 - Subscriber+ Arbitrary File Upload

Description: The plugin does not properly validate the file type in its pmpro_paypalexpress_session_vars_for_user_fields function, which could allow any authenticated user, such as a subscriber, to upload arbitrary files to the server. Note: Exploitation of the issue requires 2Checkout, deprecated since versio...

CVSS 8.8 · AI score 7 · EPSS 0.51535
Exploits 0 · Affected software 1
Vulnrichment
added 2023/11/17 1:31 p.m. · 30 views

CVE-2023-44350 ColdFusion | Deserialization of Untrusted Data (CWE-502)

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction...

CVSS 9.8 · AI score 9.6 · EPSS 0.64558
Exploits 0 · References 1
Tenable Nessus
added 2023/11/16 12:00 a.m. · 64 views

Oracle Linux 9 : avahi (ELSA-2023-6707)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6707 advisory: Fix CVE-2023-1981 (2186689); Fix CVE-2021-3502 (1949949). Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 5.5 · AI score 6.5 · EPSS 0.0045
Exploits 2 · References 4