PT-2022-2503 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified). Description: The issue is related to the web-based management interface of Cisco Firepower Management Center (FMC) Software, where improper validation of user-suppli...
Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild
Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself ...
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Cisco Webex Meetings is a video conferencing solution from Cisco. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a vulnerability in the web-based interface of Cisco Webex Meetings that could allow an unauthenticated, remote attacker to conduct a cross-site...
CVE-2022-20647
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
Cisco Security Manager Cross-Site Scripting Vulnerability
Cisco Security Manager (CSM) is a set of enterprise-class management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, which stem...
Cisco Security Manager Cross-Site Scripting Vulnerability
Cisco Security Manager (CSM) is a set of enterprise-class management applications from Cisco USA that are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. Cisco Security Manager is vulnerable to a cross-site scripting vulnerability...
CVE-2022-20636
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
CVE-2022-20639
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
Cisco Security Manager Cross-Site Scripting Vulnerability
Cisco Security Manager (CSM) is a set of enterprise-class management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, which can ...
PT-2022-1428 · Cisco · Cisco ECE
Name of the Vulnerable Software and Affected Versions: Cisco ECE (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...
The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?
Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...
A week in security (Dec 6 – 12)
Last week on Malwarebytes Labs: Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend · Click “OK” to defeat MFA · Fake job interviews plague major game developers like Riot Games and Rockstar · Has your WordPress site been backdoored by a skimmer? · What is a search engine and why does...
CrossC2-1
It is an offensive tool for macOS. The repository contains a CrossC2 framework fork, version 2.0, created by gloxec. The tool includes various modules for tasks such as file management, password gathering, keylogging, browser data dumping, and more. The framework uses a loader script that include...
CVE-2020-4951
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information...
IBM Cognos Analytics Information Disclosure Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can help companies adjust their decisions by analyzing key factors and key people, etc. An information disclosure vulnerability exists in IBM Cogno...
CVE-2021-1582
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. A...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables organizations to enforce compliance, enhance infrastructure security, and streamline their service operations. A stored cross-site scripting vulnerability exists in the Web management...
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. That security-bypassing bug, CVE-2021-34506, is rated CVSS 5.4, or...
NVMS ABB Ability Ellipse APM Cross-Site Scripting Vulnerability
NVMS ABB Ability Ellipse APM is an application from NVMS Thailand. It provides operational status and performance insights to prevent critical asset failures while optimizing asset lifecycle costs. Ellipse APM versions prior to 5.3.0.1, 5.2.0.3, and 5.1.0.6 are vulnerable to a cross-site scriptin...