119 matches found
CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed...
CanesSpy Spyware Discovered in Modified WhatsApp Versions
Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy. These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such modded software as well as Telegram...
Minecraft Community on High Alert as Malware Infects Popular Mods
By Waqas Dubbed Fracturizer, researchers delving into the malware's GitHub repository have classified this malware as "extraordinarily perilous. This is a post from HackRead.com Read the original post: Minecraft Community on High Alert as Malware Infects Popular Mods...
CVE-2023-29478
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution...
Updated minetest packages fix security vulnerability
This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...
KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and...
CVE-2022-39221
McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program,...
CVE-2022-0537
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...
WordPress plugin MapPress Maps代码问题漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...
Debian: Security Advisory (DSA-5075-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware
The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to...
Critical SonicWall NAC Vulnerability Stems from Apache Mods
Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution RCE on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. The bug CVE-2021-20038 is one of five vulnerabilities discovered in its...
PT-2021-4559
Name of the Vulnerable Software and Affected Versions Chromium versions prior to 97.0.4692.71-0.1deb11u1 qtwebengine5 version 5.15.8 ungoogled-chromium version 113.0.5672.92-1.1 chromedriver version 95.0.4638.69-1.1 nodejs-electron version 13.6.2-1.1 Chromium-gost versions 96.0.4664.45-alt2.c9.1...
[SECURITY] Fedora 34 Update: minetest-5.4.1-1.fc34
Game of mining, crafting and building in the infinite world of cubic blocks with optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...
[SECURITY] Fedora 32 Update: minetest-5.4.1-1.fc32
Game of mining, crafting and building in the infinite world of cubic blocks with optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...
[SECURITY] Fedora 33 Update: minetest-5.4.1-1.fc33
Game of mining, crafting and building in the infinite world of cubic blocks with optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...
CVE-2020-13994
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker...
CVE-2020-13992
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...
CVE-2020-13992
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...
CVE-2020-13993
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...