854 matches found
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests: in the error case, mptsas_free_request() does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
...
USN-4467-2 qemu vulnerabilities
USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly u...
Super Store Finder 3.3 Cross Site Scripting
Exploit type : XSS INJECTION Exploit title : Super Store Finder Add location XSS Injection Descriptions : XSS injection from adding store and reflected XSS in SQL error login page PHP Script affected : Super Store Finder | Mega Locator Plugin URI : http://www.superstorefinder.net/ Version : 3.3 a...
audioteca.lamegaestacion.com Cross Site Scripting vulnerability OBB-1316311
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
mega-envases.com.ar Cross Site Scripting vulnerability OBB-1245555
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Internet Bug Bounty: Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url)
Slides : https://docs.google.com/presentation/d/19WeQbqcOKnrSv1I3Z4sm-oNAf6IVzHwRyQP4i9BvY/editslide=id.g758ad3e04223231 See Blogpost for more details - https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa Summary Popular macOS apps with a file-sharing...
PrestaShop Responsive Mega Menu Module RCE / SQLi Vulnerability
The SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:prestashop:prestashop"; if(description) { script_oid("1.3.6.1.4.1.25623.1.0.144185"...
mega-mania.com.pt Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1150409 Security Researcher Papix2020 Helped patch 18 vulnerabilities Received 1 Coordinated Disclosure badges Received 2 recommendations , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting mega-mania.com.pt website a...
mega-okna.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1112918 Security Researcher geeknik Helped patch 8729 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting mega-okna.com website and...
This Week in Security News: Security and Privacy Issues
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, understand how Trend Micro Deep Security service will be integrating with AWS Security Hub. Also, learn how to prevent risks and secure...
mega-cd.de XSS vulnerability
Open Bug Bounty ID: OBB-697323

Description | Value
---|---
Affected Website: | mega-cd.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden until...
Mobile Shopping Growth Accelerates During Diwali
Diwali is the Hindu festival of lights, celebrated every autumn in October or November. According to Redseer Consulting, the sales volume during the festival usually accounts for about 35%-40% of the annual sales of e-commerce in India; for 2018 Redseer predicts $2.5 to $3 billion gross merchandi...
Information disclosure
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files, which may allow for information disclosure...
Remote code execution
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments, which may allow for arbitrary remote code execution...
CVE-2018-14798
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files, which may allow for information disclosure...
Google Chrome MEGA Extension Trojan - Windows
Checks for a trojaned Google Chrome MEGA extension. Note: This script is not running by default as it needs to crawl the target host for the affected file which puts high load on the target during the scan. Please enable it separately within the scripts preference. SPDX-FileCopyrightText: 2018...
Google Chrome MEGA Extension Trojan - Linux
Detection of a trojaned MEGA extension for Google Chrome. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Google Chrome MEGA Extension Trojan - Mac OS X
Detection of a trojaned MEGA extension for Google Chrome. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
MEGA Chrome extension hacked with cryptocurrency malware
By Waqas Cloud storage solution MEGA delivered Monero cryptocurrency malware. 21st-century technologies like blockchain are regarded as groundbreaking inventions. However, the security aspect of the new age digital systems has always been criticized for being lackluster and flawed. This concern i...
Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords
Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...