66 matches found
EUVD-2019-16794
Malware in sbrugna...
EUVD-2024-43530
Malicious code in bioql PyPI...
Hackers Use Google Docs and Steam to Spread ACRStealer Infostealer
A new information-stealing malware, ACRStealer, is leveraging legitimate platforms like Google Docs and Steam to carry out its…...
A week in security (February 17 – February 23)
Last week on Malwarebytes Labs: Healthcare security lapses keep piling up SecTopRAT bundled in Chrome installer distributed via Google Ads Google Docs used by infostealer ACRStealer as part of attack DeepSeek found to be sharing user data with TikTok parent company ByteDance Malwarebytes introduc...
Google Docs used by infostealer ACRStealer as part of attack
An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack, according to researchers. ACRStealer is often distributed via the tried and tested method of download as cracks and keygens, which are used in software piracy. The infostealer has bee...
CVE-2024-49672
Cross-Site Request Forgery CSRF vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through = 2.0.1...
CVE-2024-49672
Cross-Site Request Forgery CSRF vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS.This issue affects Google Docs RSVP: from n/a through 2.0.1...
CVE-2024-49672
Cross-Site Request Forgery CSRF vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through = 2.0.1...
CVE-2024-49672 WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through = 2.0.1...
CVE-2024-49672 WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through = 2.0.1...
CVE-2024-49672
CVE-2024-49672 concerns the Google Docs RSVP WordPress plugin (versions n/a through 2.0.1). The entry documents a CSRF that enables Stored Cross-Site Scripting (XSS) in affected installs. Public details across connected sources consistently describe the issue as a CSRF to stored XSS vulnerability...
PT-2024-33624 · Google · Google Docs Rsvp
Name of the Vulnerable Software and Affected Versions: Google Docs RSVP versions n/a through 2.0.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability and Stored XSS in Google Docs RSVP. Recommendations: For versions n/a through 2.0.1, update to a version that...
WordPress plugin Google Docs RSVP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...
WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Google Docs RSVP versions = 2.0.1...
WordPress Google Docs RSVP Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Google Docs RSVP Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49672 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 41657f6782b9 Credits SOPROBRO Required...
Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 (KB5002606)
Description of the security update for SharePoint Server Subscription Edition: July 9, 2024 KB5002606 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, Microsoft SharePoint remote code execution vulnerability, and Microsoft SharePoint Server...
CVE-2024-3245
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficie...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpresscalendar' shortcode in all versions up to, and...
CVE-2024-2688
The CVE-2024-2688 entry concerns the WordPress plugin EmbedPress (all versions up to 3.9.12; 3.9.13 introduced a fix). Root cause: insufficient input sanitization and output escaping on EmbedPress widget attributes (embedpress_doc_custom_color). Impact: authenticated attackers with Contributor+ p...
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEPGOSU, said it's likely associated with the North Korean state-sponsored group...