3319 matches found
Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries
Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in the XWiki Platform Index UI prior to version 13.10.6 and prior to version 14.3, which stems from the ability to store JavaScript that can be...
PT-2022-14473 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to improper input validation in the Messaging component, allowing files to be attached to messages without proper access checks. This could lead to local escalation of privilege wi...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from the US company Google. A security vulnerability exists in Google Android 13, which stems from the failure to properly perform input validation during its messaging process. An attacker can attach files to messages without performin...
Zammad Security Vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version 5.2.0, which stems from its lack of proper access control and enforcement of authorization for certain attachment endpoints resulting in an unauthenticated attacker...
[SECURITY] Fedora 36 Update: containerd-1.6.6-5.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
SAP SuccessFactors Elevation of Privilege Vulnerability
SAP SuccessFactors is a cloud-based HCM software application from SAP, Germany. SAP SuccessFactors suffers from an elevation of privilege vulnerability that stems from an application endpoint misconfiguration. An attacker could use the vulnerability to elevate privileges and read or write...
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter, e.g., through an email attachment...
CVE-2022-34551
Sims v1.0 was discovered to allow path traversal when downloading attachments...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
Path traversal
Sims v1.0 was discovered to allow path traversal when downloading attachments...
CVE-2022-34551
CVE-2022-34551 affects Sims v1.0 and is a path-traversal vulnerability in the attachments download function. The issue enables traversal of the file system when downloading attachments, potentially exposing sensitive data (C: high confidentiality impact stated). No explicit exploitation details a...
PT-2022-15843 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows OS Command Injection via Documentconverter, for example, through an email attachment. Recommendations: For OX App Suite versions 7.10.6 and earlier, update to a version...
SAP SuccessFactors Security Vulnerability
SAP SuccessFactors is a cloud-based HCM software application from SAP, Germany. SAP SuccessFactors suffers from an elevation of privilege vulnerability that stems from an application endpoint misconfiguration. An attacker could use the vulnerability to elevate privileges and read or write...
Sims Path Traversal Vulnerability
Sims is a student information management system by the Chinese individual developer RawChen. A security vulnerability exists in Sims v1.0, which originates from allowing path traversal when downloading attachments...
CVE-2022-29454
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin = 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated...
WordPress plugin WordPlus Better Messages Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WordPlus...
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session...