ZeroShell kerbynet remote command execution
Added: 05/24/2021. Background: Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem: A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorpiex...
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
Debian Security Advisory DSA-4918-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2021 https://www.debian.org/security/faq -...
70 European and South American Banks Under Attack By Bizarro Banking Malware
A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed "Bizarro" by Kaspersky researchers, the Windows malware is "using affiliates or...
Debian DSA-4916-1 : prosody - security update
Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian DSA-4915-1 : postgresql-11 - security update
Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Fedora: Security Advisory for djvulibre (FEDORA-2021-d4c1c98a58)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: djvulibre-3.5.27-25.fc32
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictures. DjVu content downloads faster, displays and renders faster,...
The vulnerability of the User Interface sub-component of the Oracle Labor Distribution component in the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the User Interface sub-component of the Oracle Labor Distribution component in the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...
[SECURITY] Fedora 33 Update: djvulibre-3.5.27-27.fc33
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictures. DjVu content downloads faster, displays and renders faster,...
BSA-2020-1166
Security Advisory ID: BSA-2020-1166. Component: OpenSSL. Revision: 1.0. The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...
spotify-song-suggestor (=0.0.0), transcend-boilerplate-multipage-react (>=1.0.0 <=1.0.1) +8 more potentially affected by CVE-2021-29486 via cumulative-distribution-function (=1.0.3)
cumulative-distribution-function NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on cumulative-distribution-function and may be impacted: - spotify-song-suggestor =0.0.0 - transcend-boilerplate-multipage-react =1.0.0, =1.0.2, =1.0.1,...
Debian: Security Advisory (DSA-4907-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-31935
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list payload in the common name that is mishandled in the scheduling view...
CVE-2021-29486
cumulative-distribution-function is an open source npm library which calculates a statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs...
Design/Logic Flaw
cumulative-distribution-function is an open source npm library which calculates a statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs...
cumulative-distribution-function Input Validation Error Vulnerability
cumulative-distribution-function is a software application. Computes a statistical cumulative distribution function from an array of x-valued data. A security vulnerability exists in cumulative-distribution-function versions prior to 2.0.0, which stems from the fact that an application using this...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite 7.10.4 and prior...