Google Workspace Vulnerabilities Lead to Network-Wide Breaches
By Deeba Ahmed. The vulnerabilities were discovered by cybersecurity researchers at Bitdefender. This is a post from HackRead.com. Read the original post: Google Workspace Vulnerabilities Lead to Network-Wide Breaches...
Using Velociraptor for large-scale endpoint visibility and rapid threat hunting
TL;DR: Network-wide collection, acquisition and monitoring tool for use in DFIR engagements. Designed for enterprise networks. 150k+ deployments aren’t unheard of. Boasts many features that your commercial EDR has, and a few more. Flexible querying language that can adapt to new threats and encourages...
CVE-2022-23513
Pi-Hole provides network-wide ad blocking via your own Linux hardware; AdminLTE is a Pi-hole dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on the queryads endpoint. In the case of application, this...
Code injection
Pi-Hole provides network-wide ad blocking via your own Linux hardware; AdminLTE is a Pi-hole dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on the queryads endpoint. In the case of application, this...
CVE-2022-23513
CVE-2022-23513 affects Pi-hole AdminLTE (Pi-hole Web Interface). The issue is an access-control vulnerability in the queryads endpoint exposed via root-path PHP script /admin/scripts/pi-hole/phpqueryads.php, where insufficient validation allows an attacker to perform unauthorized queries for bloc...
Command Execution Vulnerability in Netnifty Vulnerability Scanning System
Beijing Netnifty Information Technology Co., Ltd. covers network border security protection, application and data security protection, network security risk management, professional security solutions and professional security services. A command execution vulnerability exists in the Netnifty...
Pi-hole cross-site scripting vulnerability (CNVD-2021-30595)
Pi-hole is a multi-platform, network-wide ad-blocking tool. A stored cross-site scripting vulnerability exists in Pi-hole 5.4 and earlier versions of the management portal. An attacker with network access to a DNS server could exploit this vulnerability to conduct a cross-site scripting attack...
Pi-hole cross-site scripting vulnerability (CNVD-2021-14160)
Pi-hole is a multi-platform, network-wide ad-blocking tool. A cross-site scripting vulnerability exists in Pi-hole 5.0, 5.1, 5.1.1. The vulnerability stems from insufficient validation of user-supplied data. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
USN-3215-2: Munin regression
USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. Original advisory details: It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to...
Debian DLA-836-2 : munin regression update
The update for munin issued as DLA-836-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue. For reference, the original advisory text follows. Stevie Trujillo discovered a command injection vulnerability in munin, a...
[SECURITY] [DLA 836-1] munin security update
Package: munin; Version: 2.0.6-4+deb7u3; CVE ID: CVE-2017-6188; Debian Bug: 855705. Stevie Trujillo discovered a command injection vulnerability in munin, a network-wide graphing framework. The CGI script for drawing graphs allowed arbitrary GET parameters to be passed to a local shell command, allowing...
Debian Security Advisory DSA 3794-1 (munin - security update)
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process...
Network Wide Hardware Ad Blocking: Pi-Hole
The Pi-hole can block ads for all devices on your network. All you need is a Raspberry Pi connected to your router. It was inspired as a low-cost, open source alternative to the AdTrap. The Pi-hole works on the B, B+ and Pi 2; it can also run on the Zero, but you need a micro-USB-to-Ethernet...
Debian DSA-2815-1 : munin - denial of service
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node...
[SECURITY] [DSA 2815-1] munin security update
Debian Security Advisory DSA-2815-1, http://www.debian.org/security/, Salvatore Bonaccorso, December 09, 2013, http://www.debian.org/security/faq ...
Debian Security Advisory DSA 2815-1 (munin - denial of service)
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node...
FreeBSD : wordpress -- multiple vulnerabilities (b384cc5b-8d56-11e1-8d7b-003067b2972c)
WordPress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. ...
DEBIAN-CVE-2012-2402
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors...
CVE-2012-2402
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors...
Design/Logic Flaw
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors...