GHSA-2M5G-8XPW-42VP OpenCFP Framework (Sentry) Account takeover via null password reset codes

OpenCFP, an open-source conference talk submission system written in PHP, contains a security vulnerability in its third-party authentication framework, Sentry, developed by Cartalyst. The vulnerability stems from how Sentry handles password reset checks. Users lacking a password reset token stor...

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

The Black Basta ransomware-as-a-service RaaS operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency...

HackerOne: Bypassing the victim's phone number OTP in the account recovery process on the https://hackerone.com/settings/auth/setup_account_recovery

Vulnerability description not provided...

NTLM Relay Gat - Powerful Tool Designed To Automate The Exploitation Of NTLM Relays

NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of...

New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

By Waqas A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. penspark This is a post from HackRead.com Read the original post: New Goldoon Botnet Targeting...

Cybercriminals Forge Alliances via Compromised Routers

...

Medium: curl

Issue Overview: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this b...

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...

Unauthorized Access

oro/platform is vulnerable to Unauthorized Access. The vulnerability is due to inadequate access control measures within the OroPlatform's handling of page state data, which allows logged-in users to access the page state data of pinned pages belonging to other users by exploiting pageId hashes...

CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

The vulnerability of the getParams method in Inductive Automation Ignition software allows a perpetrator to execute arbitrary code.

The vulnerability of the getParams method in Inductive Automation Ignition software lies in the ability to exploit or modify arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to the server...

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "" while also having the Access-Control-Allow-Credentials set to true...

Ubuntu 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6641-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6641-1 advisory. Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that...

GHSA-5W2H-59J3-8X5W TYPO3 Install Tool vulnerable to Code Execution

Problem Several settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. The corresponding change for this advisory involves...

Microsoft Teams External Access Abuses to Spread DarkGate Malware

By Waqas Threat actors are exploiting Microsoft Teams' External Access feature to spread DarkGate malware through chats. This is a post from HackRead.com Read the original post: Microsoft Teams External Access Abuses to Spread DarkGate Malware...

Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace

PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...

Kasseika Ransomware Employs BYOVD Tactic to Impair Defenses

Summary: The ransomware operation Kasseika has recently been identified using the Bring Your Own Vulnerable Driver BYOVD tactic. This involves exploiting vulnerabilities in a loaded driver to disable antivirus software before initiating the file encryption process. Through this strategy, the...

How ransomware operators try to stay under the radar

An often heard remark is that when your security solution notices a ransomware attack, it’s already too late. Theres a lot of truth in that, if you consider the encryption process to be the ransomware attack. However, these days encryption is just a part of many ransomware attacks. Some of the...

Cross site scripting

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...