
7614 matches found

CISA
added 2023/12/13 12:0 p.m. · 13 views

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Servi...

CVSS 9.8 · AI score 9.9 · EPSS 0.92913
Exploits 17 · References 4
Debian CVE
added 2023/12/12 12:0 a.m. · 19 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

CVSS 7.5 · AI score 7.4 · EPSS 0.00173
Exploits 0
CNNVD
added 2023/12/12 12:0 a.m. · 4 views

Devise Security Breach

Devise is a flexible Warden-based authentication solution for Rails. A security vulnerability exists in versions prior to Devise 3.5.4 that stems from incorrectly disposing of a session cookie, which could allow an attacker to gain unauthorized access to a persistent application...

CVSS 7.5 · AI score 7 · EPSS 0.00173
Exploits 0 · References 4
OSV
added 2023/12/11 6:15 a.m. · 2 views

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

CVSS 9.8 · AI score 5.8 · EPSS 0.00118
Exploits 0 · References 1
NVD
added 2023/12/11 6:15 a.m. · 17 views

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

CVSS 9.8 · EPSS 0.00118
Exploits 0 · References 1
OSV
added 2023/12/11 6:15 a.m. · 2 views

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

CVSS 9.8 · AI score 6.1 · EPSS 0.0009
Exploits 0 · References 1
NVD
added 2023/12/11 6:15 a.m. · 15 views

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

CVSS 9.8 · EPSS 0.0009
Exploits 0 · References 1
Prion
added 2023/12/11 6:15 a.m. · 16 views

Remote code execution

An oversight in BCB handling of reboot reason that allows for persistent code execution...

CVSS 7.5 · AI score 7.8 · EPSS 0.0009
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/11 5:17 a.m. · 17 views

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

AI score 9.9 · EPSS 0.0009
Exploits 0 · References 1
CVE
added 2023/12/11 5:17 a.m. · 71 views

CVE-2023-6181

CVE-2023-6181 affects Google Chromecast/Chromecast with Google TV via an oversight in the BCB reboot-handling that occurs in U-Boot, enabling persistent code execution. The issue is described across multiple feeds as a reboot-reason handling flaw with the root cause in BCB and potential for persi...

CVSS 9.8 · AI score 8.4 · EPSS 0.0009
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/12/11 5:15 a.m. · 117 views

CVE-2023-48425

CVE-2023-48425 affects U-Boot and is described as a vulnerability that results in persistent code execution. The entry indicates a remotely accessible scenario (attack vector: NETWORK, attack complexity: LOW, privileges required: NONE) with high impact on confidentiality, integrity, and availabilit...

CVSS 9.8 · AI score 8.2 · EPSS 0.00118
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/12/11 5:15 a.m. · 9 views

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

AI score 7 · EPSS 0.00118
Exploits 0 · References 1
Cvelist
added 2023/12/11 5:15 a.m. · 20 views

CVE-2023-48425

U-Boot vulnerability resulting in persistent Code Execution...

AI score 9.7 · EPSS 0.00118
Exploits 0 · References 1
CNNVD
added 2023/12/11 12:0 a.m. · 3 views

Google Chromecast Security Breach

Google Chromecast is a technology from the American company Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from a security flaw in BCB that...

CVSS 9.8 · AI score 6.9 · EPSS 0.0009
Exploits 0 · References 2
RedHat Linux
added 2023/12/07 1:41 p.m. · 2 views

jetty: Improper validation of HTTP/1 content-length

A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in an HTTP/1 header field, which is non-standard and more permissive than the RFC. This issue could allow an attacker to perform request smuggling in conjunction with a server that does not close connections after 400...

CVSS 5.3 · AI score 7.1 · EPSS 0.04575
Exploits 0 · References 6
Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-30845 · U-Boot · U-Boot

Name of the Vulnerable Software and Affected Versions: U-Boot affected versions not specified Description: The issue is related to a U-Boot vulnerability that results in persistent code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix fo...

CVSS 9.8 · AI score 9.3 · EPSS 0.00118
Exploits 0 · References 6
Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-32555 · Bcb · Bcb

Name of the Vulnerable Software and Affected Versions: BCB affected versions not specified Description: The issue is related to an oversight in BCB handling of reboot reason, allowing for persistent code execution. Recommendations: At the moment, there is no information about a newer version that...

CVSS 9.8 · AI score 9.4 · EPSS 0.0009
Exploits 0 · References 6
OSV
added 2023/12/04 12:0 a.m. · 0 views

UBUNTU-CVE-2022-45592

(1) Server Side Request Forgery (SSRF), (2) persistent Cross-site scripting (XSS), and (3) File upload vulnerability...

AI score 5.6
Exploits 0 · References 2
Packet Storm
added 2023/12/04 12:0 a.m. · 404 views

PHPJabbers Car Rental 3.0 Cross Site Scripting

Exploit Title: PHPJabbers Car Rental v3.0 - Multiple Stored XSS Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11,...

AI score 7.4 · EPSS 0.00196
Exploits 2
UbuntuCve
added 2023/12/04 12:0 a.m. · 15 views

CVE-2022-45592

(1) Server Side Request Forgery (SSRF), (2) persistent Cross-site scripting (XSS), and (3) File upload vulnerability...

AI score 5.8
Exploits 0 · References 1