Description of the security update for SharePoint Server Subscription Edition: February 14, 2023 (KB5002353)

Description of the security update for SharePoint Server Subscription Edition: February 14, 2023 KB5002353 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the...

Description of the security update for SharePoint Enterprise Server 2016: February 14, 2023 (KB5002350)

Description of the security update for SharePoint Enterprise Server 2016: February 14, 2023 KB5002350 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the vulnerability, see ​​​​​​​Microsoft Common Vulnerabilities and...

Description of the security update for SharePoint Server 2019: February 14, 2023 (KB5002342)

Description of the security update for SharePoint Server 2019: February 14, 2023 KB5002342 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities, see...

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)

Description of the security update for SharePoint Foundation 2013: February 14, 2023 KB5002347 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,...

Splunk 代码问题漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A code...

Remote Code Execution(RCE)

libxpm is vulnerable to Remote Code ExecutionRCE. When processing .Z or .gz file extensions, the library calls external programs to compress and uncompress files. This could allow a malicious user to execute other programs by manipulating the PATH environment variable...

Path Traversal – Reading Certain File Extensions

BigBlueButton 2.5.6 is vulnerable to a path traversal vulnerability, that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf, svg, png. PoC: 1- Submit a request to...

Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the gro...

Top 5 ransomware detection techniques: Pros and cons of each

In the fight against ransomware, much of the discussion revolves around prevention and response. Actually detecting the ransomware, however, is just as important to securing your business. To understand why, just consider the following example. Lets say youre a farmer taking care of a flock of...

Zenbuster - Multi-threaded URL Enumeration/Brute-Forcing Tool

ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin @0xTas. I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most...

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

CVE-2022-2102

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...

Design/Logic Flaw

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...

CVE-2022-2102 Secheron SEPCOS Control and Protection Relay

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...

CVE-2022-31041 Insufficient content-type validation for uploaded files in open-forms

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users e.g. only PDF / Excel / .... The input validation of uploaded fil...

Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

GHSA-H77W-655F-6J3M Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

It’s business as usual for REvil ransomware

After the FBS arrested 14 of its members in January, and a subsequent lull in action, the REvil ransomware gang appears to be back. We say "appears" because its still unclear whether the groups operations have indeed restarted. To the trained eye, REvils movements seem out of sorts. When REvils o...

DumpSMBShare - A Script To Dump Files And Folders Remotely From A Windows SMB Share

A script to dump files and folders remotely from a Windows SMB share. Features Only list shares with --list-shares. Select only files with given extensions with --extensions or all files. Choose the local folder to dump to with --dump-dir. Select base folder to search from in the share with...

showdoc .md file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .md file extensions in the application's file upload feature. An attacker could use this vulnerability to...