9293 matches found
4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to...
[SECURITY] Fedora 34 Update: suricata-6.0.4-1.fc34
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Multiple Vulnerabilities in JP1/Automatic Operation
Overview Multiple vulnerabilities have been found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...
RHEL 8 : curl (RHSA-2021:4511)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4511 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Vulnerability fixed in Microsoft Malware Protection Engine
Microsoft has fixed a vulnerability in the Microsoft Malware Protection Engine as used by Windows Defender and Microsoft System Center Endpoint Protection. The vulnerabilities allow a malicious person to execute arbitrary code. The following table lists the vulnerabilities...
Forced Entry: A Security Test for Automatic Garage Doors
In this blog entry we revisit threats to automatic garage doors by using SDR to test two attack scenarios. We demonstrate a rolling code attack and one that involves a hidden remote feature...
CVE-2021-31379
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service DoS to the PFE on the device which is disabled as a result of the processing of these...
CVE-2021-31379
CVE-2021-31379 describes an Incorrect Behavior Order vulnerability in Juniper Junos OS MAP-E automatic tunneling on MX Series MPC 7/8/9/10/11 cards when MAP-E IP reassembly is enabled. Exploitation leads to a Denial of Service (DoS) where the PFE is disabled after processing malformed IPv4/IPv6 p...
Mobile Access Portal Agent before Build 800007042 runs Arbitrary Applications
Cause Mobile Access Portal Agent runs predefined Native Applications. If administrator configured such application with environment variables in the path, Portal Agent may run an arbitrary application that was placed in a specially created location. Symptoms - When environment variables are used ...
Integrating Akamai mPulse with Consent Management Providers
Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the...
Exploit for Path Traversal in Apache Http_Server
masscve-2021-41773 MASS CVE-2021-41773 Screenshot...
Fedora: Security Advisory for rust-wasmtime-cache (FEDORA-2021-68713440cb)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: rust-wasmtime-cache-0.30.0-1.fc35
Support for automatic module caching with Wasmtime...
Citrix IME might not be set as active IME automatically while using Local IME in Chinese, Japanese, or Korean
Citrix IME might not be set as active IME automatically at the VDA sidewhile using Local IME in Chinese, Japanese, or Korean. For example, when users enable the keyboard layoutoptions of dynamic sync and Local IME and start a VDA session with Japanese IME, the IME at the VDA side should be switch...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description Stored XSS Content allows for the arbitrary execution of JavaScript Proof of Concept In Wechat management at feature - Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies Save Reply text with payload : \x3csVg/\x3e XSS will trigg...
Exploit for CVE-2021-38647
OMIGOD Proof on Concept Exploit for CVE-2021-38647 OMIGOD F...
Remote code execution
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious Active...
GLPI 安全漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2021-40444
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious Active...