πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-17416

A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.

πŸ“– Read

via "National Vulnerability Database".
18 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-17415

zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.

πŸ“– Read

via "National Vulnerability Database".
16 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-17414

zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.

πŸ“– Read

via "National Vulnerability Database".
15 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-17413

XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.

πŸ“– Read

via "National Vulnerability Database".
15 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-17412

zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.

πŸ“– Read

via "National Vulnerability Database".
14 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-16809

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

πŸ“– Read

via "National Vulnerability Database".
14 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-16808

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.

πŸ“– Read

via "National Vulnerability Database".
14 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-16804

An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.

πŸ“– Read

via "National Vulnerability Database".
13 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-14499

An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html.

πŸ“– Read

via "National Vulnerability Database".
14 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-14498

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

πŸ“– Read

via "National Vulnerability Database".
15 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-14038

The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.

πŸ“– Read

via "National Vulnerability Database".
14 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-14038

The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.

πŸ“– Read

via "National Vulnerability Database".
15 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2017-12447

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

πŸ“– Read

via "National Vulnerability Database".
15 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2013-7468

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.

πŸ“– Read

via "National Vulnerability Database".
17 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2013-7467

Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.

πŸ“– Read

via "National Vulnerability Database".
23 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2013-7466

Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.

πŸ“– Read

via "National Vulnerability Database".
22 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ For sale: Gray-market iPhones that yield secrets to encryption ⚠

The prototype iPhones are slipping out of Apple's supply chain with disabled security, to the delight of researchers and jailbreakers.

πŸ“– Read

via "Naked Security".
Naked Security
Developer-only iPhones help reveal Apple’s secret security sauce
The prototype iPhones are slipping out of Apple’s supply chain with disabled security, to the delight of researchers and jailbreakers.
18 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Windows Calculator is going open source ⚠

Can the combined power of the world’s developers possibly improve the iconic Windows Calculator app? Microsoft seems to think so.

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
16 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Zuck says Facebook is becoming more β€œprivacy focused” ⚠

Facebook's planning a new, highly integrated platform and talking a lot about encrypted messaging.

πŸ“– Read

via "Naked Security".
Naked Security
Zuck says Facebook is becoming more β€œprivacy focused”
Facebook’s planning a new, highly integrated platform and talking a lot about encrypted messaging.
14 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” How to create a transformational cybersecurity strategy: 3 paths πŸ”

Enterprises must build a security strategy that is aligned with business needs.

πŸ“– Read

via "Security on TechRepublic".
TechRepublic
How to create a transformational cybersecurity strategy: 3 paths
Enterprises must build a security strategy that is aligned with business needs.
19 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Firefox picks up advertiser-dodging tech from Tor ⚠

Letterboxing comes straight from the Tor browser, and will help Firefox users avoid advertisers that follow them around the web.

πŸ“– Read

via "Naked Security".
Naked Security
Firefox picks up advertiser-dodging tech from Tor
Letterboxing comes straight from the Tor browser, and will help Firefox users avoid advertisers that follow them around the web.
21 views