3343 matches found

Fedora
added 2021/10/29 11:24 p.m. | 49 views

[SECURITY] Fedora 35 Update: containerd-1.5.7-1.fc35

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8 CVSS | 6.9 AI score | 0.04746 EPSS
Exploits: 3

The Hacker News
added 2021/10/19 12:3 p.m. | 19 views

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware...

0.6 AI score
Exploits: 0

ThreatPost
added 2021/10/19 9:0 a.m. | 83 views

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...

7.1 AI score
Exploits: 0 | References: 11

Fedora
added 2021/10/19 12:37 a.m. | 37 views

[SECURITY] Fedora 34 Update: containerd-1.5.7-1.fc34

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8 CVSS | 6.9 AI score | 0.04746 EPSS
Exploits: 3

CNVD
added 2021/10/15 12:0 a.m. | 25 views

Apache CouchDB permission and access control issues vulnerability

Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. Apache CouchDB is vulnerable to a permission and access control issue that arises when an application fails to properly impose security restrictions and a remote authenticated user with permissio...

7.3 CVSS | 1.3 AI score | 0.08996 EPSS
Exploits: 1 | References: 1

Cvelist
added 2021/10/14 7:55 p.m. | 14 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.5 AI score | 0.08996 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2021/10/14 12:0 a.m. | 3 views

PT-2021-22017 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.1.2 Description: A malicious user with permission to create documents in a database can attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, any JavaScript code...

7.3 CVSS | 5 AI score | 0.08996 EPSS
Exploits: 1 | References: 17

CNNVD
added 2021/10/12 12:0 a.m. | 2 views

Apache CouchDB cross-site scripting vulnerability

Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. Apache CouchDB is vulnerable to a permission and access control issue that arises when an application fails to properly impose security restrictions and a remote authenticated user with permissio...

7.3 CVSS | 5.7 AI score | 0.08996 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/10/07 12:0 a.m. | 1 views

Zammad cross-site scripting vulnerability

Zammad is a Web-based open source help desk/customer support system. An attacker could upload an attachment to a "work order" via an "article", which could be exploited to inject malicious JavaScript code...

5.4 CVSS | 5.7 AI score | 0.00302 EPSS
Exploits: 0 | References: 2

Microsoft KB
added 2021/10/05 12:0 a.m. | 4 views

October 5, 2021, update for Office 2016 (KB4462197)

October 5, 2021, update for Office 2016 KB4462197 This article describes update 4462197 for Microsoft Office 2016 that was released on October 5, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...

6.4 AI score
Exploits: 0

NVD
added 2021/09/23 1:15 p.m. | 12 views

CVE-2021-22950

Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...

6.5 CVSS | 0.00104 EPSS
Exploits: 0 | References: 2

OSV
added 2021/09/23 1:15 p.m. | 2 views

CVE-2021-22950

Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...

6.5 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Prion
added 2021/09/23 1:15 p.m. | 20 views

Session fixation

Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...

4.3 CVSS | 6.4 AI score | 0.00104 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/09/23 12:40 p.m. | 11 views

CVE-2021-22950

Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...

7.3 AI score | 0.00104 EPSS
Exploits: 0 | References: 2

CNNVD
added 2021/09/23 12:0 a.m. | 1 views

Concrete CMS cross-site request forgery vulnerability

PortlandLabs Concrete Cms is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site request forgery vulnerability exists in Concrete CMS that allows the deletion of comment attachments in the dialog section...

6.5 CVSS | 6.3 AI score | 0.00104 EPSS
Exploits: 0 | References: 3

Drupal
added 2021/09/22 12:0 a.m. | 24 views

Search API attachments - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-034

This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes. The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code executio...

7.6 AI score
Exploits: 0 | References: 7

wpexploit
added 2021/09/21 12:0 a.m. | 471 views

Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed. As admin, put the below payloads in the related vulnerable field/s and save them there i...

4.8 CVSS | 5.1 AI score | 0.0042 EPSS
Exploits: 2

Malwarebytes
added 2021/09/16 10:28 a.m. | 28 views

Ransomware scammers target artists with fake Krita revenue deals

The Krita digital painting application is currently being targeted by ransomware authors. Available on Steam and other platforms, it’s a powerful tool with a very cheap purchase price and great reviews. A perfect bit of bait to start reeling in potential victims, in other words. How does the scam...

6.7 AI score
Exploits: 0

CNNVD
added 2021/09/07 12:0 a.m. | 3 views

Misskey code issue vulnerability

Misskey is a micro-blogging platform, and a code issue vulnerability exists in Misskey due to a server-side request forgery vulnerability in the software's "upload from URL" and remote attachment handling. This could lead to the disclosure of non-public information on the intranet. No details of...

7.7 CVSS | 5.7 AI score | 0.00239 EPSS
Exploits: 0 | References: 5

Kitploit
added 2021/09/02 9:30 p.m. | 30 views

KnockOutlook - A Little Tool To Play With Outlook

"The best feeling is to win by knockout." - Nonito Donaire Overview KnockOutlook is a C project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements. Command Line Usage metadata of every account search : search for the provided keyword...

7.3 AI score
Exploits: 0 | References: 2