PT-2022-25918 · Unknown · Open Source Sacco Management System
Name of the Vulnerable Software and Affected Versions: Open Source SACCO Management System version 1.0 Description: A SQL injection issue was found in the id parameter at the /sacco shield/ajax.php?action=delete plan API endpoint. This allows for potential exploitation. Recommendations: For Open...
North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedI...
ZINC weaponizing open-source software
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center MSTIC observed activity targeting employees in organizations across multiple industries includi...
ISC BIND Buffer Overflow Vulnerability
ISC BIND is a set of open source software from the US company ISC that implements the DNS protocol. ISC BIND suffers from a buffer overflow vulnerability that originates when reusing an HTTP connection to request statistics from the stats channel, where the length of the contents of...
[SECURITY] Fedora 36 Update: moodle-3.11.10-1.fc36
Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
GLPI Injection Vulnerability
GLPI is open source IT and asset management software from individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Shopware Security Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware version 5.7.14 and earlier versions, which stems from...
Google Introduces Bug Bounty Program for Open-Source Software
By Deeba Ahmed. Through the bug bounty program, ethical hackers will get rewards ranging from $100 - $31,337, depending on their discovered bug's severity. This is a post from HackRead.com. Read the original post: Google Introduces Bug Bounty Program for Open-Source Software...
Hitachi Energy Gateway Station (GWS) Product
1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: Gateway Station (GWS) Product. Vulnerability: Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate...
CVE-2022-31195
CVE-2022-31195 affects DSpace open source software, specifically the ItemImportServiceImpl, which is vulnerable to a path traversal when processing SAF packages. A malicious SAF package could cause a file/directory to be created anywhere writable by the Tomcat/DSpace user, but only if the attacke...
CVE-2022-31192
The CVE-2022-31192 issue affects DSpace JSPUI (the Request a Copy feature) where input values submitted via the form are not properly escaped, enabling cross-site scripting (XSS) attacks in the JSPUI. The vulnerability is limited to JSPUI and does not affect XMLUI or other components. Remediation...
CVE-2022-31194
The CVE-2022-31194 issue affects DSpace JSPUI in the resumable upload path, where SubmissionController and FileUploadRequest allow path traversal to write files/directories on the server, limited to users with submitter privileges (not anonymous/basic users). Root cause: manipulating submission r...
Securing Open-Source Software
Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualiti...
Jenkins Plugin Recipe Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both open source products from the Jenkins project. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A cross-site request forgery...
Jenkins Plugin Recipe Security Vulnerability
Jenkins and Jenkins Plugin are both open source products from the Jenkins project. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. An authorization issue vulnerability...
Kreado Kreasfero Code Issue Vulnerability
Kreado Kreasfero is an open source CMS from the German company Kreado. A security vulnerability exists in Kreado Kreasfero version 1.5, which stems from an inability to properly clean up files uploaded to the media directory, and can be exploited by an attacker to upload malicious PHP files and...
A week in security (May 9 – 15)
Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scam; Virtual credit cards coming to Chrome: What you need to know; Clearview AI banned from selling facial recognition data in the US; Cyberattacks on SATCOM networks attributed to Russian threat actors; F5 BIG-IP vulnerabilit...
ZoneMinder Remote Code Execution Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A remote code execution vulnerability exists in versions prior to ZoneMinder 1.36.13, which can be exploited by attackers to cause arbitrary code execution...
GLPI Information Disclosure Vulnerability
GLPI is open source IT and asset management software from individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...