Active Super Shop CMS v2.5 – HTML Injection Vulnerabilities
Posted by info () vulnerability-lab com on Jul 19 Document Title: =============== Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2278...
Boom CMS v8.0.7 – Cross Site Scripting Vulnerability
Posted by info () vulnerability-lab com on Jul 19 Document Title: =============== Boom CMS v8.0.7 - Cross Site Scripting Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2274 Release...
Re: Citrix Gateway & Cloud MFA – Insufficient Session Validation Vulnerability
Posted by Jeffrey Walton on Jul 19 There's also https://en.wikipedia.org/wiki/Session_hijacking#Prevention One thing Jim Manico of OWASP recommends is to (re)prompt the user for their password...
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
Posted by Qualys Security Advisory via Fulldisclosure on Jul 19 Qualys Security Advisory CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent ======================================================================== Contents ======================================================================== Summary...
USN-6237-2: curl regression
USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for...
Practice Your Security Prompting Skills
Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as...
Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware
Lookout attributed WyrmSpy and DragonEgg to APT41 due to overlapping Android signing certificates
Critical API Security Gaps Found in Financial Services
The Salt Security report also notes a 244% surge in unique attackers between H1 and H2 2022
USN-6238-1: Samba vulnerabilities
It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in...
How Cyber Threat Intelligence Practitioners Should Leverage Automation and AI
The Cyber Threat Intelligence Summit discussed how automation and generative AI could help CTI practitioners tackle the overload of data they have to process