Exploit for Code Injection in Cisco Telepresence_Video_Communication_Server
I started looking at Cisco Expressway after I noticed quite a fe...
Critical Chrome Update Counters Spyware Vendor’s Exploits
By Waqas. Ensure Your Chrome Browser Is Up to Date and Secure: Enable Automatic Updates to Safeguard Against Cybersecurity Threats. This is a post from HackRead.com.
CVE-2023-41311
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically...
CVE-2023-41312
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically...
Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android ap...
CVE-2023-41311
CVE-2023-41311 concerns a privilege-control vulnerability in the audio module of Huawei’s HarmonyOS. According to the initial description, successful exploitation could cause an application to be activated automatically. Public access aggregates this CVE with a CVSS‑3.1 base score of 5.3 (AV:N/AC...
Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcas...
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...
Improper Restriction of Excessive Authentication Attempts
Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed...
HTTP-Shell - MultiPlatform HTTP Reverse Shell
HTTP-Shell is a multiplatform reverse shell. This tool helps you to obtain a shell-like interface on a reverse connection over HTTP. Unlike other reverse shells, the main goal of the tool is to use it in conjunction with Microsoft Dev Tunnels, in order to get a connection as close as possible to a...
[SECURITY] Fedora 37 Update: clamav-0.103.10-1.fc37
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
On hitting ceiling, the Bonds Manager reconfigures to stop collecting treasury cut, but does not have inverse logic
Lines of code Vulnerability details Impact The bonds manager configures itself to stop collecting treasury reward cut, if the balance in treasury is above the configured ceiling. But, the resetting of is managed by the admin account manually. The execution of proposals is based on funds in...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a privilege control vulnerability in the audio module. Successful exploitation of this...
CVE-2023-3222
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...
Default credentials
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...
CVE-2023-3222 Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...