
4119 matches found

OSV
added 2022/11/14 12:00 a.m. | 23 views

CVE-2022-41913 Discourse-calendar exposes members of hidden groups

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

CVSS 4.3 | AI score 5.6 | EPSS 0.00375
Exploits: 0 | References: 4
Tenable Nessus
added 2022/11/12 12:00 a.m. | 94 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...

CVSS 7.8 | AI score 7.4 | EPSS 0.03931
Exploits: 2 | References: 7
Trend Micro Simply Security
added 2022/11/10 12:00 a.m. | 19 views

4 Types of Cyber Crime Groups

Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and crowd sourcing as well as tips to strengthen your defense strategy...

AI score 1.1
Exploits: 0
RedHat Linux
added 2022/11/08 11:35 a.m. | 3 views

podman: possible information disclosure and modification

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

CVSS 7.1 | AI score 7.5 | EPSS 0.00298
Exploits: 1 | References: 5
RedHat Linux
added 2022/11/08 11:35 a.m. | 3 views

buildah: possible information disclosure and modification

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1 | AI score 7.5 | EPSS 0.00322
Exploits: 1 | References: 5
RedHat Linux
added 2022/11/08 9:27 a.m. | 1 view

buildah: possible information disclosure and modification

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

CVSS 7.1 | AI score 7.5 | EPSS 0.00322
Exploits: 1 | References: 5
Securelist
added 2022/11/07 8:00 a.m. | 49 views

DDoS attacks in Q3 2022

News overview In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter. The pro-Russian group Killnet, active since...

AI score 0.4
Exploits: 0
The Hacker News
added 2022/11/07 7:36 a.m. | 47 views

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day...

AI score 0.7
Exploits: 0
The Hacker News
added 2022/11/05 6:00 a.m. | 260 views

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the...

CVSS 10 | AI score 0.4 | EPSS 0.99999
Exploits: 100
The Hacker News
added 2022/11/04 1:43 p.m. | 80 views

Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions ...

AI score 0.2
Exploits: 0
CNNVD
added 2022/11/04 12:00 a.m. | 16 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE that stems from an incorrect...

CVSS 4.3 | AI score 5.2 | EPSS 0.00458
Exploits: 0 | References: 4
RedHat Linux
added 2022/11/03 2:54 p.m. | 11 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack...

CVSS 5.4 | AI score 5.7 | EPSS 0.02632
Exploits: 1 | References: 5
Positive Technologies
added 2022/11/03 12:00 a.m. | 4 views

PT-2022-27229 · Typo3 · Femanager

Name of the Vulnerable Software and Affected Versions: femanager extension versions prior to 5.5.2 femanager extension versions 6.x prior to 6.3.3 femanager extension versions 7.x prior to 7.0.1 Description: The issue allows creation of frontend users in restricted groups if there is a usergroup...

CVSS 6.5 | AI score 5.2 | EPSS 0.00603
Exploits: 0 | References: 12
OSV
added 2022/11/02 7:00 p.m. | 16 views

GHSA-J5WX-JVW3-J363 Centreon vulnerable to SQL Injection

A SQL injection vulnerability in Centreon affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cgid leads to sql injection. The attack can be initiated remotely. Version 22.10.0-beta1 contains a patch for this issue...

CVSS 9.8 | AI score 8.4 | EPSS 0.00765
Exploits: 0 | References: 5
Github Security Blog
added 2022/11/02 7:00 p.m. | 26 views

Centreon vulnerable to SQL Injection

A SQL injection vulnerability in Centreon affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cgid leads to sql injection. The attack can be initiated remotely. Version 22.10.0-beta1 contains a patch for this issue...

CVSS 9.8 | AI score 10.2 | EPSS 0.00765
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2022/11/02 1:15 p.m. | 12 views

CVE-2022-3827

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cgid leads to sql injection. The attack can be initiated remotely. The name of t...

CVSS 9.8 | EPSS 0.00765
Exploits: 0 | References: 3
Prion
added 2022/11/02 1:15 p.m. | 14 views

Sql injection

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cgid leads to sql injection. The attack can be initiated remotely. The name of t...

CVSS 7.5 | AI score 9.9 | EPSS 0.00765
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/11/02 12:00 a.m. | 15 views

CVE-2022-3827 centreon Contact Groups Form formContactGroup.php sql injection

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cgid leads to sql injection. The attack can be initiated remotely. The name of t...

CVSS 6.3 | AI score 10 | EPSS 0.00765
Exploits: 0 | References: 3
Positive Technologies
added 2022/11/02 12:00 a.m. | 2 views

PT-2022-28229 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.43.3 SoftwareX versions 0.43.3 through 0.99 Description: The issue arises when a transaction contains a dep group with many cells, resulting in resources required to process it not being linear to the transaction...

AI score 7.2
Exploits: 0 | References: 3
CNNVD
added 2022/11/02 12:00 a.m. | 3 views

Centreon Security Vulnerability

Centreon (Merethis Centreon) is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon, which is caused by unknown code in the...

CVSS 9.8 | AI score 8.4 | EPSS 0.00765
Exploits: 0 | References: 4