25 matches found
Zyxel NBG6604 Command Injection Vulnerability (CNVD-2023-64085)
The Zyxel NBG6604 is a dual-band wireless router from China's Hopkins Zyxel. The Zyxel NBG6604 V1.01ABIR.1C0 suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the NTP function. An attacker can...
FreeBSD : wordpress -- multiple issues (5df757ef-a564-11ec-85fa-a0369f7f7be0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5df757ef-a564-11ec-85fa-a0369f7f7be0 advisory. - wordpress developers reports: This security and maintenance release features 1 bug fix in addition to...
wordpress -- multiple issues
wordpress developers reports: This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. The security team would li...
Zyxel NBG6604 代码问题漏洞
The Zyxel NBG6604 is a dual-band wireless router from China-based Hopkins Technology Zyxel. An access control error vulnerability exists in the Zyxel NBG6604 that originates from the product's CGI program allowing users with expired sessions to access the device. No details of the vulnerability a...
hopkinsmedicine.org Cross Site Scripting vulnerability OBB-2135714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| hopkinsmedicine.org ---|--- Open Bug...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 9 in index.js. PoC var root = require"ffmpeg-sdk"; root.execute"touch JHU"; Remediation There is no fixed version for ffmpeg-sdk. Credit: JHU System Security Lab...
hopkinsmedicine.org Cross Site Scripting vulnerability OBB-1365011
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
hopkinsmedicine.org Cross Site Scripting vulnerability OBB-1227648
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
hopkinsmedicine.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1150884 Security Researcher ELProfesor Helped patch 2814 vulnerabilities Received 8 Coordinated Disclosure badges Received 107 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting hopkinsmedicine.org...
Covid-19 Poll Results: One in Four Prioritize Health Over Privacy
One in four respondents to a Threatpost reader poll said they were okay with sacrificing a portion of their personal privacy in exchange for some form of cellphone tracking that could – in theory – reduce coronavirus infection rates and save lives. While the majority of Threatpost readers were...
Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates...
Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II the virus, which causes COVID-19 the disease, is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Labs recently released a...
hopkinsmedicine.org XSS vulnerability
Open Bug Bounty ID: OBB-432242 Description| Value ---|--- Affected Website:| hopkinsmedicine.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
hopkinsmedicine.org XSS vulnerability
Open Bug Bounty ID: OBB-232840 Description| Value ---|--- Affected Website:| hopkinsmedicine.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Deluge of Apple Patches Fix Vulnerabilities in OS X, iOS, Safari, and More
In addition to fixing the serious crypto vulnerabilities in iMessage that surfaced yesterday, Apple also deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV’s tvOS, and watchOS. The iOS update, 9.3, is arguably the most pressing given the cryptographic issue dug...
Johns Hopkins Researchers: Crypto Flaws Endanger iMessage Integrity
When Apple released its iOS Security Guide for public consumption, it was an unprecedented look inside the security architecture behind its products. For cryptographer and professor Matthew Green and a team of four Johns Hopkins University graduate students, it was a road map to understanding not...
TrueCrypt Audit Cryptanalysis Handed Off to NCC Group
The stagnant TrueCrypt audit stirred to life in the last 24 hours with the announcement that the second phase of the audit, tasked with examining the cryptography behind the open source disk encryption software, will begin shortly. NCC Group’s Cryptography Services has been contracted to do the...
Matthew Green on the NSA and Compromising Crypto Standards
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA’s “regret” for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency’s influence on crypto standards and the hope for more secure standards in the future. Download:...
OpenSSL Receives Funding for Developers, Will Undergo Security Audit
Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit...
Matthew Green on the NSA and Crypto Backdoors
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the paper he co-authored on the Extended Random extension for Dual EC DRBG and whether it could be considered a backdoor. Download: digitalunderground149.mp3...