120 matches found
EUVD-2022-42342
Malicious code in bioql PyPI...
CVE-2022-39907
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write...
CVE-2022-38973
Improper access control for some IntelR ArcTM graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access...
Ransomware in December 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their dark web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. Lockbit has rebounded from i...
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as...
Fixed in Apache Tomcat 9.0.71
Important: Apache Tomcat denial of service CVE-2023-24998 Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...
Malware Distribution via Google PPC by IcedID Botnet Distributors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The IcedID botnet has been using Google pay-per-click ads to distribute itself through malvertising attacks since December 2022. Malvertising involves the use of malicious ads that are displayed in searc...
The Bug Report December 2022 Edition
The Bug Report — December 2022 Edition By Trellix · January 4, 2023 This story was also written by John Borrero Rodriguez Everyone gets it Why am I here? Ho Ho Ho! Welcome back to the Bug Report, or a more fitting name for this time of year: The NAUGHTY List! Yes, we checked it twice. It is no...
seojungeng.com Cross Site Scripting vulnerability OBB-3123487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress GeoDirectory Plugin < 2.2.22 is vulnerable to Cross Site Scripting (XSS)
Software GeoDirectory Type Plugin Vulnerable versions 2.2.22 Fixed in 2.2.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4775 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7a04d6649370 Credits István Márton Require...
WordPress Passster – Password Protection Plugin < 3.5.5.8 is vulnerable to Cross Site Scripting (XSS)
Software Passster – Password Protection Type Plugin Vulnerable versions 3.5.5.8 Fixed in 3.5.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2021-24837 Patch priority Medium CVSS severity Medium 6.3 Developer Patrick Posner PSID b41d0cd0e690 Credits...
alarme-marseille-avps.com Cross Site Scripting vulnerability OBB-3121263
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ecodeli.com Cross Site Scripting vulnerability OBB-3120909
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
masterpiecetranslation.com Cross Site Scripting vulnerability OBB-3120262
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
annlatinovich.com Cross Site Scripting vulnerability OBB-3119275
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
amforaproperty.com Cross Site Scripting vulnerability OBB-3118648
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
munipuchuncavi.cl Cross Site Scripting vulnerability OBB-3118406
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions
Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link for...
espaceclient.netrevolution.com Cross Site Scripting vulnerability OBB-3117282
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
poslovni.hr Cross Site Scripting vulnerability OBB-3116159
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...