Payload CMS 代码问题漏洞

PayloadCMS is a Headless CMS and application framework built using TypeScript, Node.js, React and MongoDB.PayloadCMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted SVG files...

Ghost CMS 代码问题漏洞

Ghost CMS is an open source headless content management system CMS written in JavaScript from the Ghost Foundation in Singapore. A code issue vulnerability exists in Ghost v4.39.0 that allows an attacker to execute arbitrary code via a crafted SVG file...

CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

Design/Logic Flaw

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

CVE-2021-43177

CVE-2021-43177 affects Devise-Two-Factor prior to 4.0.2. The vulnerability results from an incomplete fix for CVE-2015-7225, allowing an attacker to reuse a One-Time-Password (OTP) for the immediately trailing interval. The issue is documented across multiple sources (e.g., NVD, GN, Debian, Ubunt...

CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild

Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself ...

PrivateBin 跨站脚本漏洞

PrivateBin is a minimalist open source online pastebin. PrivateBin versions prior to 1.4.0 have a cross-site scripting vulnerability , the vulnerability stems from the SVG can contain JavaScript. attackers use this vulnerability to execute code...

Chris Brame Trudesk 代码问题漏洞

Chris Brame Trudesk is an open source helpdesk/ticketing solution from Chris Brame USA. A code issue vulnerability vulnerability exists in versions prior to Chris Brame Trudesk 1.2.0 that stems from a lack of filtering and escaping in the svg file upload function...

Samsung SMR 缓冲区错误漏洞

Samsung SMR is a system patch package from South Korea's Samsung Samsung. Samsung SMR contains a heap buffer overflow vulnerability that can be exploited by attackers to execute code...

[SECURITY] Fedora 35 Update: gdal-3.3.3-1.fc35

Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...

Kraden: Found Origin IP's Lead To Access To kraden.com

Summary: Discovered that the kraden.com site exposed its Non-Cloudflare IP which could allow bypassing of anti-DDoS mechanisms. Description:Your origin servers are not blocking access from non-Cloudflare servers. This way crawlers can find your origin servers' IPs by checking random IPs until the...

EDR Is Dead. Long Live Multi-Vector EDR.

News of EDR’s demise has been greatly exaggerated. Fact is: older approaches to EDR have to move over. There’s a new solution now: Multi-Vector EDR. This blog reviews the highlights of our latest release of this critically important app on the Qualys Cloud Platform. Although it now seems like a...

CVE-2022-24066

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

Spring Framework RCE, Mitigation Alternative

Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcats side. While the vulnerability is not in...

Qualys Multi-Vector EDR Excels in 2022 MITRE ATT&CK Evaluation

MITRE evaluated Qualys Multi-Vector EDR against competing alternatives, and the results are in. This blog reviews the basics of MITRE ATT&CK evaluation, how our EDR solution performed, and how to interpret the ratings. MITRE Engenuity has released the results of round 4 of its ATT&CK Evaluations...

CVE-2022-22963

A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls. Mitigation...

[WP-H9] LenderPool.sol#start() startFeeFraction can be used by a malicious/compromised owner to rug lenders

Lines of code Vulnerability details A configurable startFeeFraction with no upper bound can be claimed by the caller to a specified address. The fee is not based on the gas cost, but on the totalLent of the pool. We believe this startFee reward is unnecessary and it creates a potential rug vector...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the U.S. Google Android has a security vulnerability that stems from a lack of permission checks in the settings that can read Bluetooth device names without proper permissions, which can be used by attackers to obtain sensitive...