
9293 matches found

RedHat Linux
added 2022/02/14 8:50 a.m., 3 views

Mozilla: Extensions could have bypassed permission confirmation during update

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If a user installed a particular type of extension, the extension could have auto-updated itself, and while doing so may have bypassed the prompt which grants the new version the new requested permission...

CVSS 6.5, AI score 7.3, EPSS 0.00644
Exploits 0, References 4

Gitee
added 2022/02/11 1:36 p.m., 2 views

Demo

This repository is an offensive tool for domain enumeration and vulnerability scanning. It contains a collection of tools and scripts for performing domain enumeration, subdomain brute forcing, and database vulnerability scanning. The tools include SubDomainsBrute, wydomain, dnsmaper, orangescan,...

AI score 6.9
Exploits 0

NVD
added 2022/01/28 8:15 p.m., 12 views

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

CVSS 6.1, EPSS 0.00745
Exploits 0, References 1

CVE
added 2022/01/28 7:9 p.m., 49 views

CVE-2021-22814

CVE-2021-22814 describes a Cross-site Scripting (CWE-79) vulnerability in Schneider Electric NMC embedded devices (NMC2 and NMC3) that can cause arbitrary script execution when a malicious file is read and displayed. Affected products span multiple Schneider Electric lines: 1-phase and 3-phase UP...

CVSS 6.1, AI score 6.2, EPSS 0.00745
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/01/28 7:9 p.m., 16 views

CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...

AI score 6.4, EPSS 0.00745
Exploits 0, References 1

Cvelist
added 2022/01/28 7:9 p.m., 15 views

CVE-2021-22811

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply UP...

AI score 6.5, EPSS 0.00745
Exploits 0, References 1

Fedora
added 2022/01/23 1:7 a.m., 13 views

[SECURITY] Fedora 34 Update: clamav-0.103.5-1.fc34

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

AI score 1.9
Exploits 0

Hewlett-Packard
added 2022/01/21 12:0 a.m., 97 views

Multiple vulnerabilities in HP Support Assistant

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. HP strives to address all security issues with HP...

CVSS 7.8, AI score 1.4, EPSS 0.00851
Exploits 0

RedhatCVE
added 2022/01/20 6:11 p.m., 55 views

CVE-2022-0322

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DoS). Mitigation...

CVSS 5.5, AI score 0.8, EPSS 0.00295
Exploits 0, References 4

Fedora
added 2022/01/16 1:23 a.m., 14 views

[SECURITY] Fedora 35 Update: clamav-0.103.5-1.fc35

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

AI score 1.9
Exploits 0

Kitploit
added 2022/01/12 11:30 a.m., 27 views

RAUDI - A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions

RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keeps updated a series of Docker Images through GitHub Actions for tools that are not provided by the developers. What is RAUDI? RAUDI is what will save you from creating and managing a lot of Docker Images manually...

AI score 7.3
Exploits 0, References 28

Tenable Nessus
added 2022/01/11 12:0 a.m., 72 views

Security Updates for Microsoft Excel Products (January 2022)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Two remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-21840, CVE-2022-21841...

CVSS 9.3, AI score 9.5, EPSS 0.03115
Exploits 0, References 4

Wordfence Blog
added 2022/01/09 12:37 a.m., 165 views

WordPress 5.8.3 Security Release

On January 6, 2022, the WordPress core team released WordPress version 5.8.3, which contains security patches for 4 high-severity vulnerabilities. These patches were backported to every version of WordPress since 3.7. WordPress has supported automatic core updates for security releases since...

CVSS 6.5, AI score 0.3, EPSS 0.97795
Exploits 15

OSV
added 2022/01/06 11:15 p.m., 2 views

UBUNTU-CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

CVSS 8.8, AI score 7.2, EPSS 0.04013
Exploits 0, References 6

Huntr
added 2022/01/05 3:9 p.m., 28 views

in follow-redirects/follow-redirects

BUG: Cookie header leaked to third party site and it allows to hijack victim account. SUMMARY: When fetching a remote url with Cookie, if it gets a Location response header then it will follow that url and try to fetch that url with the provided cookie. So cookie is leaked here to...

CVSS 4.3, AI score 0.2, EPSS 0.02426
Exploits 2

Kitploit
added 2022/01/01 8:30 p.m., 36 views

Skrull - A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It's a...

AI score 7.3
Exploits 0, References 1

OSV
added 2021/12/30 2:44 a.m., 13 views

GSD-2021-1002814 hamradio: defer ax25 kfree after unregister_netdev

hamradio: defer ax25 kfree after unregister_netdev. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.89 by commit...

AI score 7.2
Exploits 0

IBM Security Bulletins
added 2021/12/17 12:16 a.m., 60 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could all...

CVSS 10, AI score 1, EPSS 0.99999
Exploits 347, Affected Software 1

Hacker One
added 2021/12/16 5:51 a.m., 30 views

Dropbox: Send Fax from Anyone's HelloFax Account Due to Misconfigured Email Validation

The report demonstrates a method of using up HelloFax credits by forging email requests. A fix for the issue has been released and it was applied for existing and new users through an automatic update. An attacker could exploit this vulnerability by entering a victim’s HelloFax line number into a...

AI score 0.3
Exploits 0

Malwarebytes
added 2021/12/07 1:42 p.m., 18 views

How to check for Windows updates and install them

Keeping Windows up to date is an important part of warding off malware, exploits, and other attacks. If you’re not running the latest version of your OS, it can give cybercriminals the leverage they need to compromise your system. Unfortunately not all machines are running automatic updates by...

AI score 7.1
Exploits 0