2294 matches found
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...
CVE-2023-40313
CVE-2023-40313 affects OpenNMS Horizon before 32.0.2 and related Meridian versions, where a BeanShell interpreter running in remote server mode can lead to arbitrary remote Java code execution. Root cause is the remote BeanShell interpreter enabled in these versions. Consequences include potentia...
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...
PT-2023-27376 · Opennms · Opennms Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2 OpenNMS Meridian versions prior to 2023.1.6 OpenNMS Meridian versions prior to 2022.1.19 OpenNMS Meridian versions prior to 2021.1.30 OpenNMS Meridian versions prior to 2020.1.38 Description: A BeanShe...
The vulnerability of the modDeepSecurity module in the monitoring and security management widget of Trend Micro Apex Central allows a attacker to perform an SSRF attack.
The vulnerability of the modDeepSecurity module in the monitoring panel of the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
The vulnerability of the modTMSL module in the monitoring and security management panel of Trend Micro Apex Central allows a attacker to perform an SSRF attack.
The vulnerability of the modTMSL module in the monitoring and security management widgets of Trend Micro Apex Central relates to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
Design/Logic Flaw
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw CVE-2022-24086, CVSS score: 9.8 in Adobe Commerce and Magento Open Source...
CVE-2023-28483
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login...
Veritas InfoScale Operations Manager prior to 8.0.0.410 Insecure File Upload (VTS23-009)
The Veritas InfoScale Operations Manager application installed on the remote host is prior to 8.0.0.410. It is, therefore, affected by an insecure file upload vulnerability. - The VIOM XPRTLD web application allows an authenticated attacker to upload all types of files to the server. An...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431,...
CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager VIOM before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...
Command injection
The XPRTLD web application in Veritas InfoScale Operations Manager VIOM before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...
CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager VIOM before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...