854 matches found
Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords
Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...
mega-party-treff.de XSS vulnerability
Open Bug Bounty ID: OBB-658677. Affected Website: mega-party-treff.de; Vulnerable Application: Other; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
mega-torrenty.pl XSS vulnerability
Open Bug Bounty ID: OBB-652599. Affected Website: mega-torrenty.pl; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
A week in security (June 4 – June 10)
Last week on Labs, we took a look at hidden mobile ads, the perils of social media spam, and how to shore up your landline defenses. We also took a deep dive into Emotet malware analysis, and gave you some summertime safety tips. Other news Update your Adobe Flash player if you haven't already...
PrestaShop Responsive Mega Menu Pro Module SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. Attribute Wizard addon is one of the product attribute add module. Responsive Mega Menu...
Sql injection
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
CVE-2018-8824
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
CVE-2018-8824
The vulnerability CVE-2018-8824 affects the PrestaShop Responsive Mega Menu Pro module version 1.0.32 (for PrestaShop 1.5.5.0–1.7.2.5). The issue is a SQL injection in modules/bamegamenu/ajax_phpcode.php exposed via the code parameter, reported across multiple sources (NVD, CNVD, OSV, OpenVAS) as...
mega-hand.ru XSS vulnerability
Open Bug Bounty ID: OBB-606725. Affected Website: mega-hand.ru; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
mega-tech.com XSS vulnerability
Open Bug Bounty ID: OBB-594640. Affected Website: mega-tech.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
mega-fetes.fr XSS vulnerability
Open Bug Bounty ID: OBB-594607. Affected Website: mega-fetes.fr; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
PrestaShop Responsive Mega Menu Pro Module Code Execution Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. The solution provides a variety of payment methods, short message alerts and product image zoom and other features. Responsive Mega Menu Horizontal + Vertical + Dropdown Pro module is a responsive menu module used in it. A...
CVE-2018-8823
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter...
mega-torrenty.pl Open Redirect vulnerability
Open Bug Bounty ID: OBB-413520. Affected Website: mega-torrenty.pl; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N); Remediation Guide: OWASP Open Redirect Cheat Sheet...
USN-3414-1 qemu vulnerabilities
Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. CVE-2017-7493 Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this...
A week in security (September 4 – September 10)
Last week, we looked into expired domain names being used for malvertising, delved into dubious Facebook apps, and checked out Chinese seminar scams. We also explained the whys and wherefores of false positives, explained what Google is doing with HTTPS, warned you away from a fake DHS email, and...
MEGA - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application MEGA published at the 'play' market has multiple vulnerabilities...
Mega-Like - External URLs, SD-card access, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Mega-Like published at the 'play' market has multiple vulnerabilities...
mega-soft.ru XSS vulnerability
Vulnerable URL: http://www.mega-soft.ru/goto.php?url=javascript:alert%28/OPENBUGBOUNTY/%29 Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 602189; VIP website status: No; Check...
The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure
The vulnerability of the megasas_handle_dcmd function in the hw/scsi/megasas.c file of the QEMU hardware emulation software is related to a memory leak. Exploiting this vulnerability could allow an attacker, operating locally, to trigger a service failure (memory consumption) through specially craft...