Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Denial Of Service (DoS)
Chromium is vulnerable to denial of service (DoS). The vulnerability exists through a use after free in Tab Groups...
Google Chromium Buffer Error Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A buffer overflow vulnerability exists in Tab Groups in versions prior to Google Chrome 88.0.4324.146, which can be exploited by an attacker to cause heap corruptio...
DRUPAL-CONTRIB-2021-003
This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree. When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group,...
The SolarWinds Hackers Used Tactics Other Groups Will Copy
The supply chain threat was just the beginning...
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft...
A week in security (January 4 – January 10)
Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe won't be supporting the updating and patching of its Flash Player software; covered the...
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Simple to use and deploy offensive security tools, making it easier than ever for criminals with little technical know-how to get in on cybercrime, are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious...
Regular Expression Denial of Service in CairoSVG
Doyensec Vulnerability Advisory Regular Expression Denial of Service REDoS in cairosvg Affected Product: CairoSVG v2.0.0+ Vendor: https://github.com/Kozea Severity: Medium Vulnerability Class: Denial of Service Authors: Ben Caller Doyensec Summary When processing SVG files, the python package...
VideoBytes: Offensive security tools and the bad guys that use them
Hello Folks! In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market. This article describes the VirusBulletin talk of a security researcher from Intezer Labs, Paul Litvak, in which he...
CVE-2020-35650
Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...
CVE-2020-35650
CVE-2020-35650 affects Uncanny Groups for LearnDash prior to v3.7, with multiple XSS vectors enabled by authenticated users. The vulnerability exists in various input points (POST parameters like ulgm_code_redeem, ulgm_user_first/last/email, ulgm_code_registration, ulgm_terms_conditions, _ulgm_to...
Uncanny Owl Groups for LearnDash Cross-Site Scripting Vulnerability
Uncanny Owl Groups for LearnDash is a plugin from Uncanny Owl Canada that provides the ability to sell courses for LearnDash in WordPress. A cross-site scripting vulnerability exists in Uncanny Groups for LearnDash versions prior to v3.7, which allows an authenticated, remote attacker to inject...
Simplifying Proactive Defense With Threat Playbooks
Security defense strategy can be extremely complex, with security teams grappling with tens of thousands of information points and evolving attacker techniques, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs. Derek Manky FortiGuard Labs has...
A Logical Volume Manager / LVM primer for Linux
About LVM: LVM is an abstraction layer that provides block devices of the same kind as disk partitions. This is done by using 3 layers: physical volumes (PV) - disk partitions; volume groups (VG) - aggregates of physical volumes, which could be across multiple disks or multiple partitions; logical volume...
The Edge of a Storm?
The SolarWinds element of this breach is likely just the tip of the iceberg as many more businesses leveraging their management tools are exposed to this compromise. Not necessarily from the nation state actor believed to have triggered it, but from the potential sell off of those points of acces...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. MediaWiki before 1.35.1 suffers from a cross-site scripting vulnerability tha...