Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use
Summary: An improper uploaded media ownership check can result in inadvertent deletion of media when a user is banned with content removal or purged. This can lead to deletion of media that was not uploaded by the banned/purged user. This also applies to purged communities, in which case all media...
The Real Problem With Banning Masks at Protests
Privacy advocates worry banning masks at protests will encourage harassment, while cops’ high-tech tools render the rules unnecessary...
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbe...
CVE-2024-2880
CVE-2024-2880 affects GitLab CE/EE. A user with the admin_group_member custom role could ban group members. Affected versions start from 16.5 up to, but not including, 16.11.6; 17.0 up to, but not including, 17.0.4; and 17.1 up to, but not including, 17.1.2. Remediations are the fixed releases: 1...
Gitlab -- vulnerabilities
Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admin_group_memb...
CS Money: Attacker can generate cancelled transactions in a user's transaction history using only Steam ID
Summary: The API endpoint /create-payment requires only the Steam ID of the account to create the payment. When this endpoint is called using the cardpay flow, it returns a transaction ID on the Cardpay system. The attacker can access this transaction and immediately cancel it or pay it, whic...
Does TikTok Really Pose a Risk to US National Security?
Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure...
Fast-Google-Dorks-Scan - Fast Google Dorks Scan
A script to enumerate websites using Google dorks. Usage example: ./FGDS.sh megacorp.one. Version: 0.035, June 07, 2020. Features: (1) looking for the common admin panel; (2) looking for the widespread file types; (3) path traversal; (4) prevent Google banning. Download Fast-Google-Dorks-Scan...
Valve: CSRF | Ban or unban users in broadcast's chat
Steps to reproduce: Start a broadcast. The attacker needs to craft a special HTML page. Get the broadcast's Steam ID (it is contained in the URL: https://steamcommunity.com/broadcast/watch/STEAM_ID/). If the attacker wants to unban somebody, he needs to create an HTML page like this: document.getElementById("csrf-form").submit() Unba...
A week in security (March 19 – March 25)
Last week, we looked at the growing problem of smartphone addiction, how link rot is continually slicing down portions of the web, and the theft of our intellectual property. We also explored the landscape of DDoS problems, and tackled a Stephen Hawking 419 scam. Other news What can only really b...
France wants to BAN Tor and Free Wi-Fi Services after Paris Terror Attacks
Now this was bound to happen, sooner or later – the government. In the wake of the recent deadly Paris terror attacks, the French government is considering new laws that would ban access to free Wi-Fi and the Tor anonymity network, according to a recent report by French newspaper Le Monde. The report...
WordPress Wordfence Plugin <= 5.2.3 - Bypass
This plugin is prone to a banned-IP functionality bypass vulnerability. Unlogged requests won't trigger automatic throttling and banning. Solution: Update plugin...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2)...
[SECURITY] Fedora 18 Update: fail2ban-0.8.10-1.fc18
Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IPs that make too many password failures. It updates firewall rules to reject the IP address. To use the hostsdeny and shorewall actions you must install tcp_wrappers and shorewall respectively...
[SECURITY] Fedora 17 Update: fail2ban-0.8.10-1.fc17
Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IPs that make too many password failures. It updates firewall rules to reject the IP address. To use the hostsdeny and shorewall actions you must install tcp_wrappers and shorewall respectively...
[SECURITY] Fedora 18 Update: fail2ban-0.8.8-1.fc18
Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IPs that make too many password failures. It updates firewall rules to reject the IP address...
Fedora 17 : fail2ban-0.8.8-1.fc17 (2012-20619)
Update to 0.8.8 (CVE-2012-5642, Bug 887914). Fixes: - Alan Jenkins - 8c38907: Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid banning due to misconfigured DNS. Closes gh-64. - Yaroslav Halchenko - 83109bc: IMPORTANT: escape the content of if used in custom action files since its value...
Seditio SF Quick Ban 1.0 Cross Site Request Forgery
Vulnerable Software: SF - Quick Ban (sfquickban) version 1.0 is a plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...
SourceBans 1.4.8 Local File Inclusion / SQL Injection
Exploit Title: SourceBans. In memory of crashfr, who will NEVER die. Thanks for everything, man! ;-... R.I.P. ./EOF...
SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection
Exploit Title: SourceBans. In memory of crashfr, who will NEVER die. Thanks for everything, man! ;-... R.I.P. ./EOF...