Security News
Session Invalidation in Economizzer Allows Unauthorized Access After Logout
Posted by Ron E on May 16
A session management vulnerability exists in gugoan's Economizzerv.0.9-beta1. The application fails to properly invalidate user sessions
upon logout or other session termination events. As a result, a valid
session remains active and usable even after the user has attempted to log
out.
POST /web/category/create HTTP/2
Host: <host>
Cookie: _economizzerSessionId=<<REDACTED>>;
Persistent Cross-Site Scripting in Economizzer Category Entry
Posted by Ron E on May 16
A persistent cross-site scripting (XSS) vulnerability exists in gugoan'sEconomizzer v.0.9-beta1. The application fails to properly sanitize
user-supplied input when creating a new category via the
*category/create *endpoint.
An attacker can inject malicious JavaScript payloads that are permanently
stored and later executed in the context of any user who views the affected
entry.
https://<host>/web/category/create
POST...
Persistent Cross-Site Scripting in Economizzer Cashbook Entry
Posted by Ron E on May 16
A persistent cross-site scripting (XSS) vulnerability exists in gugoan'sEconomizzer v.0.9-beta1 The application fails to properly sanitize
user-supplied input when creating a new cash book entry via the
*cashbook/create* endpoint. An attacker can inject malicious JavaScript
payloads that are permanently stored and later executed in the context of
any user who views the affected entry.
https://<host>/web/cashbook/create
POST...
APPLE-SA-05-12-2025-9 Safari 18.5
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-9 Safari 18.5Safari 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122719.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A type confusion issue could lead to memory corruption
Description: This...
APPLE-SA-05-12-2025-8 visionOS 2.5
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-8 visionOS 2.5visionOS 2.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122721.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AppleJPEG
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination...
APPLE-SA-05-12-2025-7 tvOS 18.5
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-7 tvOS 18.5tvOS 18.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122720.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AppleJPEG
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing a maliciously crafted media file may lead to
unexpected...
APPLE-SA-05-12-2025-6 watchOS 11.5
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-6 watchOS 11.5watchOS 11.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122722.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AppleJPEG
Available for: Apple Watch Series 6 and later
Impact: Processing a maliciously crafted media file may lead to
unexpected app...
APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-5 macOS Ventura 13.7.6macOS Ventura 13.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122718.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
afpfs
Available for: macOS Ventura
Impact: Mounting a maliciously crafted AFP network share may lead to
system...
APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-4 macOS Sonoma 14.7.6macOS Sonoma 14.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122717.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
afpfs
Available for: macOS Sonoma
Impact: Connecting to a malicious AFP server may corrupt kernel memory
Description:...
APPLE-SA-05-12-2025-3 macOS Sequoia 15.5
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-05-12-2025-3 macOS Sequoia 15.5macOS Sequoia 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122716.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
afpfs
Available for: macOS Sequoia
Impact: Connecting to a malicious AFP server may corrupt kernel memory
Description: The...
BeyondTrust PRA connection takeover - CVE-2025-0217
Posted by Paul Szabo via Fulldisclosure on May 06
=== Details ========================================================Vendor: BeyondTrust
Product: Privileged Remote Access (PRA)
Subject: PRA connection takeover
CVE ID: CVE-2025-0217
CVSS: 7.8 (high) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Author: Paul Szabo <psz () maths usyd edu au>
Date: 2025-05-05
=== Introduction ===================================================
I noticed an issue in
BeyondTrust Privileged...
- « first
- ‹ previous
- 1
- 2
- 3
