3380 matches found

OPENSUSE Linux
added 2022/04/07 12:0 a.m. | 45 views

Security update for SDL2 (important)

openSUSE Security Update: Security update for SDL2 Announcement ID: openSUSE-SU-2022:0104-1 Rating: important References: 1181201 1181202 1197525 Cross-References: CVE-2020-14409 CVE-2020-14410 CVE-2022-27227 CVSS scores: CVE-2020-14409 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H...

7.8 CVSS | 7.3 AI score | 0.04908 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2022/03/31 12:0 a.m. | 19 views

HTTP Verb Tampering

HTTP Verb Tampering is an attack that bypasses an authentication or control system that is based on the HTTP Verb. Sometimes, Web Server authentication mechanisms use verb-based authentication with access controls. Such security mechanisms include access control rules for requests with specific...

7.6 AI score
Exploits: 0 | References: 1
Malwarebytes
added 2022/03/29 1:11 p.m. | 16 views

Attacks on Ukraine communications are a major part of the war

Since the start of the Russian invasion of Ukraine, the war on the battlefield has been accompanied by cyber attacks. Those attacks against critical infrastructure have knocked out banking and defense platforms, mostly by targeting several communication systems. In a timeline set up by NetBlocks,...

2.1 AI score
Exploits: 0
The Hacker News
added 2022/03/29 12:42 p.m. | 28 views

New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent,"...

1.6 AI score
Exploits: 0
Packet Storm
added 2022/03/28 12:0 a.m. | 222 views

Covid-19 Directory On Vaccination System 1.0 SQL Injection

Exploit Title: Covid-19 Directory on Vaccination System 1.0 - SQLi Authentication Bypass Date: 28/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.5 AI score
Exploits: 0
Huntr
added 2022/03/24 2:27 a.m. | 26 views

User after free in mrb_vm_exec

While fuzzing mruby I found a use after free in mruby compiled with ASAn. Proof of Concept uaf1.rb rb var1 = -0 var2 = 1.0 var3 = 1 var4 = +0 var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby ||...

6.8 CVSS | 8 AI score | 0.00906 EPSS
Exploits: 1
ICS
added 2022/03/24 12:0 a.m. | 51 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

9 CVSS | 9 AI score | 0.01304 EPSS
Exploits: 0 | References: 5
OPENSUSE Linux
added 2022/03/24 12:0 a.m. | 44 views

Security update for python3 (moderate)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2022:0942-1 Rating: moderate References: 1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 SUSE: 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap...

4.5 CVSS | 7.5 AI score | 0.01687 EPSS
Exploits: 2 | References: 1
Qualys Blog
added 2022/03/18 1:1 p.m. | 27 views

Infographic: Log4Shell Vulnerability Impact by the Numbers

The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spanning every type of organization across every industry. Hard to find but easy to exploit, Log4Shell immediately places hundreds of millions of Java-based applications, databases, and devices at risk...

0.1 AI score
Exploits: 0
OSV
added 2022/03/17 12:15 p.m. | 2 views

DEBIAN-CVE-2021-23556

The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8 CVSS | 8 AI score | 0.01113 EPSS
Exploits: 1 | References: 1
OSV
added 2022/03/17 12:15 p.m. | 21 views

CVE-2021-23556

The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8 CVSS | 6.9 AI score
Exploits: 0 | References: 5
PyPA
added 2022/03/17 12:15 p.m. | 5 views

PYSEC-2022-165

The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8 CVSS | 7 AI score | 0.01113 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2022/03/17 12:15 p.m. | 2 views

UBUNTU-CVE-2021-23556

The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8 CVSS | 7.4 AI score | 0.01113 EPSS
Exploits: 1 | References: 7
RedhatCVE
added 2022/03/16 1:57 p.m. | 48 views

CVE-2022-21831

A flaw was found in the Active Storage module of Rails, where the transformation method or its arguments for imageprocessing are not trusted arbitrary input. This flaw allows an attacker to inject code in Rails. Mitigation To work around this issue, applications should implement a strict allow-li...

9.8 CVSS | 9.2 AI score | 0.02821 EPSS
Exploits: 0 | References: 4
OSV
added 2022/03/16 12:0 a.m. | 22 views

GHSA-8C76-MXV5-W4G8 Stored Cross-site Scripting in Microweber

Microweber 1.2.11 and prior contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods...

6.8 CVSS | 5.4 AI score | 0.03197 EPSS
Exploits: 1 | References: 4
Github Security Blog
added 2022/03/16 12:0 a.m. | 31 views

Stored Cross-site Scripting in Microweber

Microweber 1.2.11 and prior contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods...

6.8 CVSS | 1.7 AI score | 0.03197 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OPENSUSE Linux
added 2022/03/16 12:0 a.m. | 17 views

Security update for stunnel (important)

openSUSE Security Update: Security update for stunnel Announcement ID: openSUSE-SU-2022:0872-1 Rating: important References: 1181400 1182529 SLE-20679 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 An update that contains security fixes and contains one feature can now be installed...

7.3 AI score
Exploits: 0
OPENSUSE Linux
added 2022/03/16 12:0 a.m. | 52 views

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-1_8_0-openjdk Announcement ID: openSUSE-SU-2022:0873-1 Rating: important References: 1193314 1193444 1193491 1194926 1194928 1194929 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 1195163 Cross-References: CVE-2022-21248...

5.3 CVSS | 6.9 AI score | 0.08346 EPSS
Exploits: 0 | References: 16
ATTACKERKB
added 2022/03/15 12:15 p.m. | 3 views

CVE-2022-0954

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11...

6.8 CVSS | 6.3 AI score | 0.03197 EPSS
Exploits: 1 | References: 4
OSV
added 2022/03/15 11:40 a.m. | 18 views

CVE-2022-0954 Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in microweber/microweber

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11...

6.8 CVSS | 6.1 AI score | 0.03197 EPSS
Exploits: 1 | References: 4