Design/Logic Flaw
CVE-2021-43792 Notifications leak in Discourse
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group e.g. staff to view certain tags. Users who were tracking or watching th...
CVE-2021-43792
Discourse CVE-2021-43792 affects the open-source discussion platform where the tag visibility feature allows a tag group (e.g., staff) to see certain tags. If a user tracked or watched tags via /preferences/tags and their staff status is revoked, they will still receive notifications related to t...
CVE-2021-44279
Librenms 21.11.0 is affected by a Cross Site Scripting XSS vulnerability in includes/html/forms/poller-groups.inc.php...
Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks
Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF aka Rich Text Format template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique...
Librenms Cross-Site Scripting Vulnerability
Librenms is a PHP and MySQL based open source network monitoring system for the Librenms community. The system features custom alerts, auto-discovery of network environments, and automatic updates. Librenms suffers from a cross-site scripting vulnerability that originates in...
PT-2021-23938 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.11 Description: A vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature in Discourse, an open source discussion platform. This feature allows a tag group ...
CVE-2021-24749
The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack...
PT-2021-16250
Name of the Vulnerable Software and Affected Versions: URL Shortify WordPress plugin versions prior to 1.5.1 Description: The issue is related to the lack of a CSRF check when bulk-deleting links or groups, which could allow attackers to make a logged-in admin delete arbitrary links and groups vi...
OESA-2021-1445 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. CVE-2020-24303 A signature verification vulnerability exists in crewjam/saml. Thi...
Oracle Linux 7 : openssh (ELSA-2021-4782)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4782 advisory. 7.4p1-22.0.1 - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation openssh bz3012 Orabu...
GHSA-J4MV-2RV7-V2J9 Improper Privilege Management in Concrete CMS
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group...
What Avengers Movies Can Teach Us About Cybersecurity
Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, good guys fighting cybercriminals. If we choose to go with...
Security researchers play peek-a-boo with Conti ransomware server
It's not been a great time for ransomware authors recently. Well, some ransomware authors at any rate. While many are making huge amounts of money from their device-locking antics, it's not a profession without risk. Every so often something can and does go wrong, and ransomware groups get into al...
FBI issues flash alert after APT groups exploited VPN flaws
By Waqas. With this, FatPipe joins the list of VPN providers that have faced a similar situation in the past, including Fortinet, Cisco, Pulse Secure, and Citrix. This is a post from HackRead.com. Read the original post: FBI issues flash alert after APT groups exploited VPN flaws...
Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform
Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West...
Groups Target Alibaba ECS Instances for Cryptojacking
We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero...
Boofuzz - Network Protocol Fuzzing for Humans
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything. Why? Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance. Features Like Sulley,...
Are cybercriminals turning away from the US and targeting Europe instead?
Significant cyberattacks against critical targets in Europe have doubled in the past year, according to EU figures obtained by CNN. And with the announced pressure from the US against major ransomware gangs we can expect these figures to go up even more. It's also clear from recent attacks that th...