470 matches found
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the lack of security measures for website structures, allowing attackers to trigger service failures.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
QNAP Systems Qsync Central Link Following Vulnerability
QNAP Systems Qsync Central is a cloud-based file synchronization service on a NAS from China Weilian Technology QNAP Systems. A backlink vulnerability exists in QNAP Systems Qsync Central version 4.4.0.1620240819 and prior versions, which stems from the inclusion of a link tracking vulnerability...
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution (RCE) exploit chain as an entry for the...
CVE-2024-11702
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled...
CVE-2024-11702
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox 133 and Thunderbird 133...
CVE-2024-11702
CVE-2024-11702 concerns Mozilla Firefox and Mozilla Thunderbird information disclosure due to insufficient clipboard protection in Android Private Browsing mode. Affected products: Firefox and Thunderbird with versions prior to 133. Root cause: clipboard data (sensitive data such as passwords) co...
upKeeper Security Vulnerability
upKeeper is a cloud-based or local solution from upKeeper Inc. A security vulnerability exists in upKeeper versions prior to 1.2, which stems from the presence of an incorrect privilege management vulnerability that allows privilege escalation...
Schneider Electric EcoStruxure IT Gateway Security Vulnerability
Schneider Electric EcoStruxure IT Gateway is a suite of cloud-based data center management-as-a-service (DMaaS) offerings from Schneider Electric, a French company. A security vulnerability exists in Schneider Electric EcoStruxure IT Gateway that stems from a lack of authorization vulnerability tha...
Perforce Gliffy Security Vulnerability
Perforce Gliffy is a Perforce software for charting via HTML5 cloud-based applications. A security vulnerability exists in Perforce Gliffy versions prior to 4.14.0-6 that stems from an insecure configuration...
IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called...
Qualys Launches Enterprise TruRisk™ Management: The Industry’s First Cloud-Based Risk Operations Center
In today’s complex cybersecurity landscape, Chief Information Security Officers (CISOs) and business leaders require more than just a collection of disconnected tools to manage risks effectively—they need a unified, integrated approach. Today, we proudly announce the launch of Qualys Enterprise...
How Cloud-Based Solutions Are Transforming Software Quality Assurance
Cloud-based solutions are transforming the software quality assurance (QA) industry. As organizations increasingly migrate their development and verification...
New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attacke...
Microsoft Entra ID Access Control Error Vulnerability
Microsoft Entra ID is a cloud-based identity and management solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Entra ID that stems from the presence of an elevation of privilege issue...
It's Time To Untangle the SaaS Ball of Yarn
It's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the...
upKeeper Security Vulnerability
upKeeper is a cloud-based or local solution from upKeeper, Inc. A security vulnerability exists in upKeeper version 5.1.9 and prior versions that stems from the presence of an incorrect authentication vulnerability that allows bypassing authentication...
LumisXP Security Vulnerability
LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker can exploit the vulnerability to...
Important: Red Hat Security Advisory: ipa security update
An update for ipa is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RHEL 9 : ipa (RHSA-2024:3757)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...