4110 matches found

Positive Technologies
added 2020/06/19 12:0 a.m. · 3 views

PT-2020-13416 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.2 through 13.0.1 Description: A user with an unverified email address could request access to domain-restricted groups. Recommendations: For GitLab EE versions 12.2 through 13.0.1, update to a version that contains a fix...

CVSS 8.1 · AI score 7.7 · EPSS 0.01043
Exploits 0 · References 7

OSV
added 2020/06/17 5:15 p.m. · 2 views

CVE-2020-6752

In OMERO before 5.6.1, group owners can access members' data in other groups...

CVSS 3.8 · AI score 5.8 · EPSS 0.00554
Exploits 0 · References 1

Kitploit
added 2020/06/12 9:30 p.m. · 42 views

Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

The tool predicts attacker groups from the techniques and software used. It searches based on the MITRE ATT&CK framework. How it works: 1- Collect data from https://attack.mitre.org/ about attacker groups 2- Get data from user about attack 3- Compare data and create result. Installation: git clone...

AI score 7.3
Exploits 0 · References 1

The Hacker News
added 2020/06/11 9:35 p.m. · 127 views

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...

AI score 2
Exploits 0

ThreatPost
added 2020/06/09 2:17 p.m. · 54 views

Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years

A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide – including advocacy groups and journalists, elected and senior government officials, and hedge funds — over the course of seven years. Dark Basin conducted commercial...

AI score 7
Exploits 0 · References 14

Hacker One
added 2020/05/21 6:27 p.m. · 10 views

8x8: IDOR: Adding Contacts to Other User Groups

The request to add a new contact performed insufficient validation on the specified group number. Altering the target group resulted in incrementing license count and disclosure of the name of the group, however access was not granted...

AI score 1.7
Exploits 0

CNVD
added 2020/05/08 12:0 a.m. · 3 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32375)

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code b...

CVSS 5.4 · AI score 6.4 · EPSS 0.00666
Exploits 1 · References 1

Oracle Linux
added 2020/05/07 12:0 a.m. · 79 views

libvirt security update

5.7.0-13.el7 - domain groups: Fix multiple Domain Group vCPU administration flaws Wim ten Have Orabug: 31145304 - qemu: fix missing if definedENABLEEXADATA Menno Lageman - build: Fix qemu-submodule-init syntax-check issue Wim ten Have - libvirt: Fix various introduced Fedora/RHEL build violations...

CVSS 5.7 · AI score 0.6 · EPSS 0.00813
Exploits 0

Oracle Linux
added 2020/05/05 12:0 a.m. · 34 views

tcpdump security update

14:4.9.2-6 - Resolves: 1715423 - tcpdump pre creates user and groups unconditionally - Resolves: 1655622 - CVE-2018-19519 Stack-based buffer over-read in print-hncp.c:printprefix via crafted pcap...

CVSS 5.5 · AI score 2.3 · EPSS 0.02364
Exploits 1

OSV
added 2020/04/30 9:15 p.m. · 2 views

CVE-2020-5881

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communicatio...

CVSS 7.5 · AI score 5.8 · EPSS 0.01276
Exploits 0 · References 1

Prion
added 2020/04/30 9:15 p.m. · 17 views

Code injection

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communicatio...

CVSS 5 · AI score 7.5 · EPSS 0.01276
Exploits 0 · References 1 · Affected Software 11

ThreatPost
added 2020/04/30 9:2 p.m. · 141 views

Microsoft Sway Abused in Office 365 Phishing Attack

A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Researchers attribute the campaign’s success to two parts: First, it leverages multiple Microsoft file-sharing services to...

AI score 0.5
Exploits 0 · References 9

CVE
added 2020/04/30 8:39 p.m. · 72 views

CVE-2020-5881

The CVE-2020-5881 issue affects BIG-IP VE (not the hardware line) in versions 15.0.0–15.1.0.1, 14.1.0–14.1.2.3, and 13.1.0–13.1.3.3. When VLAN groups are configured and OSPF devices are present, NDAL Interfaces may lock up, disrupting communication between the mcpd and tmm processes and causing t...

CVSS 7.5 · AI score 7.4 · EPSS 0.01276
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/04/30 8:39 p.m. · 16 views

CVE-2020-5881

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communicatio...

AI score 7.5 · EPSS 0.01276
Exploits 0 · References 1

Securelist
added 2020/04/30 11:0 a.m. · 135 views

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

CVSS 7.6 · AI score 9 · EPSS 0.52729
Exploits 0

OpenVAS
added 2020/04/29 12:0 a.m. · 7 views

Linux: Ensure that only system accounts and system administrations have membership of the system team

A user in a group can access and unintentionally or maliciously modify another uers SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

AI score 7.3
Exploits 0

CNVD
added 2020/04/28 12:0 a.m. · 3 views

Rukovoditel Cross-Site Scripting Vulnerability (CNVD-2020-26655)

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A cross-site scripting vulnerability exists in the User Access Groups page of the Application Structure...

CVSS 6.1 · AI score 6.4 · EPSS 0.008
Exploits 1 · References 1

OSV
added 2020/04/27 3:15 p.m. · 1 views

CVE-2020-11822

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...

CVSS 6.1 · AI score 5.8 · EPSS 0.008
Exploits 1 · References 1

Prion
added 2020/04/27 3:15 p.m. · 13 views

Cross site scripting

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...

CVSS 4.3 · AI score 5.8 · EPSS 0.008
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2020/04/27 2:24 p.m. · 12 views

CVE-2020-11822

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...

AI score 6 · EPSS 0.008
Exploits 1 · References 1