BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy ...

CVE-2023-27859 IBM Db2 code execution

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID:...

Oracle MySQL Server 8.x <= 8.0.34, 8.1.0 Security Update (cpujan2024) - Windows

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

USN-6568-1 clamav update

The ClamAV package was updated to a new upstream version to remain compatible with signature database downloads...

Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859)

Summary IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database. Vulnerability Details CVEID:CVE-2023-278...

PT-2024-41017 · Clamav · Clamav

Name of the Vulnerable Software and Affected Versions: ClamAV affected versions not specified Description: The issue concerns the ClamAV package, which was updated to a new upstream version. This update was necessary to maintain compatibility with signature database downloads. There is no...

PySQLRecon - Offensive MSSQL Toolkit Written In Python, Based Off SQLRecon

PySQLRecon is a Python port of the awesome SQLRecon project by @sanjivkawa. See the commands section for a list of capabilities. Install PySQLRecon can be installed with pip3 install pysqlrecon or by cloning this repository and running pip3 install . Commands All of the main modules from SQLRecon...

Apache Superset 资源管理错误漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A denial of service vulnerability exists in Apache Superset, which can be exploited by an authenticated attacker to upload a malicious ZIP for importing databases, dashboards, or datasets,...

Cross-site Scripting in @spscommerce/ds-react

Impact XSS, anyone using the SPS Select with options prop populated from user input is impacted. If these options are stored, then it could have been a stored XSS. Patches The code has been patched for version 7 of woodland. Users should upgrade to 7.17.4 or higher Workarounds This is not...

What to do if your company was mentioned on Darknet?

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile, MailChimp and OpenAI in 2023. But are we really conscious of the tru...

CVE-2023-42476

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...

CVE-2023-42476

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...

Code injection

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...

CVE-2023-42476 Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...

How IT teams can conduct a vulnerability assessment for third-party applications

Google Chrome, Adobe Acrobat Reader, TeamViewer, you name it—there’s no shortage of third-party apps that IT teams need to constantly check for vulnerabilities. But to get a better picture of the problem, lets bust out some napkin math. The average company uses about 200 applications overall...

Medium: dovecot

Issue Overview: An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied...

Fedora: Security Advisory for galera (FEDORA-2023-7fe02ec473)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: galera-26.4.16-1.fc37

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...

[SECURITY] Fedora 38 Update: galera-26.4.16-1.fc38

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...

[SECURITY] Fedora 39 Update: galera-26.4.16-1.fc39

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...