Lucene search

36 matches found

OSV
added 2024/03/06 10:50 a.m., 20 views

BIT-ARGO-CD-2023-40029

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in kubectl.kubernetes.io/last-applied-configuration annotation. pull request 7139 introduced the ability ...

9.9 CVSS, 9.2 AI score, 0.00919 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2023/03/02 6:25 p.m., 7 views

CVE-2023-26472 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile

XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...

9.9 CVSS, 7.2 AI score, 0.10311 EPSS
Exploits: 1, References: 3
OSV
added 2022/07/15 5:50 p.m., 11 views

CVE-2022-31153 OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

6.5 CVSS, 6.3 AI score, 0.01109 EPSS
Exploits: 1, References: 8
The Hacker News
added 2021/06/24 8:0 a.m., 87 views

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standar...

9.8 CVSS, 1.1 AI score, 0.00491 EPSS
Exploits: 0
The Hacker News
added 2021/06/23 8:43 a.m., 70 views

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's...

8.8 CVSS, 6.7 AI score, 0.00352 EPSS
Exploits: 1
The Hacker News
added 2021/01/20 11:16 a.m., 1 views

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incomi...

5.8 AI score
Exploits: 0
Malwarebytes
added 2020/10/26 10:58 a.m., 215 views

Google patches actively exploited zero-day bug that affects Chrome users

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw - that means a vulnerability that is being actively exploited in the wild. The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedde...

4.3 CVSS, 0.5 AI score, 0.93031 EPSS
Exploits: 2
ThreatPost
added 2018/09/17 9:13 p.m., 28 views

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are rated...

10 CVSS, 0.9 AI score, 0.16057 EPSS
Exploits: 2, References: 6
0day.today
added 2017/12/22 12:0 a.m., 23 views

Roommate And Real Estate Listing Classified Response 1.0 XSS Vulnerability

Roommate and Real Estate Listing Classified Response version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: Roommate and Real Estate Listing Classified Responsive Web Application - Cross Site Scripting Google Dork: N/A Date: 2017/22/12 Exploit Author: ShanoWeb Author Mail :...

6.6 AI score
Exploits: 0
HackRead
added 2017/10/07 3:57 p.m., 101 views

Apple patches bug that showed device password rather than hint

By Waqas If you have updated your MacOS from the older version This is a post from HackRead.com Read the original post: Apple patches bug that showed device password rather than hint...

7.1 AI score
Exploits: 0
seebug.org
added 2017/05/11 12:0 a.m., 66 views

Firefox Integer overflow leading to a buffer overflow in nsScriptLoadHandler (CVE-2016-9066)

This post will explore how CVE-2016-9066, a simple but quite interesting from an exploitation perspective vulnerability in Firefox, can be exploited to gain code execution. tl;dr an integer overflow in the code responsible for loading script tags leads to an out-of-bounds write past the end of an...

9.6 AI score, 0.20609 EPSS
Exploits: 3
OpenVAS
added 2016/06/24 12:0 a.m., 41 views

RedHat Update for kernel RHSA-2016:1277-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7.1 AI score, 0.00251 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2015/05/13 12:0 a.m., 23 views

CentOS 6 : pcs (CESA-2015:0990)

Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.8 CVSS, 5.6 AI score, 0.0121 EPSS
Exploits: 1, References: 3
RedHat Linux
added 2009/11/03 9:56 p.m., 57 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

7.8 CVSS, 6.8 AI score, 0.13893 EPSS
Exploits: 22, References: 15
Tenable Nessus
added 2009/08/11 12:0 a.m., 50 views

CentOS 3 : httpd (CESA-2009:1205)

Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with...

10 CVSS, 7.9 AI score, 0.18846 EPSS
Exploits: 5, References: 4
securityvulns
added 2004/09/06 12:0 a.m., 44 views

[XSS] PHP-Nuke 7.4 ViewAdmin Bug

CODEBUG Labs Advisory 3 Title: ViewAdmin Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org View Admin Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to view Admin account aid and to...

0.2 AI score
Exploits: 0