Lucene search: 3094 matches found

ThreatPost
added 2021/09/07 10:41 p.m. · 32 views

Ragnar Locker Gang Warns Victims Not to Call the FBI

All that the FBI/ransomware negotiators/investigators do is muck things up, so we're going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site. In an announcement posted this week and seen by Bleeping Computer, the ransomware...

AI score: 6.9
Exploits: 0 · References: 16
OSV
added 2021/08/30 4:22 p.m. · 26 views

GHSA-CPV8-6XGR-RMF6 Dolibarr Cross-site Scripting vulnerability

In Dolibarr ERP CRM, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Private Note field at /adherents/note.php?id=1 endpoint. These scripts are executed in a victim's browser when th...

CVSS: 9 · AI score: 8.6 · EPSS: 0.00893
Exploits: 0 · References: 4
Github Security Blog
added 2021/08/30 4:22 p.m. · 57 views

Dolibarr Cross-site Scripting vulnerability

In Dolibarr ERP CRM, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Private Note field at /adherents/note.php?id=1 endpoint. These scripts are executed in a victim's browser when th...

CVSS: 9 · AI score: 3.3 · EPSS: 0.00893
Exploits: 0 · References: 4 · Affected software: 1
The Hacker News
added 2021/08/28 4:37 p.m. · 20 views

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShel...

AI score: 6.9
Exploits: 0
OSV
added 2021/08/26 1:15 a.m. · 2 views

DEBIAN-CVE-2021-40145

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

CVSS: 7.5 · AI score: 6.2 · EPSS: 0.02051
Exploits: 1 · References: 1
Openbugbounty
added 2021/08/25 12:44 p.m. · 22 views

travelmanagers.com.au Cross Site Scripting vulnerability OBB-2125991

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0
OSV
added 2021/08/24 7:15 p.m. · 1 view

CVE-2021-30870

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00855
Exploits: 0 · References: 1
Positive Technologies
added 2021/08/24 12:00 a.m. · 4 views

PT-2021-18929 · Apple · iOS +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15; iPadOS versions prior to 15. Description: A logic issue existed in the handling of document loads, which was addressed with improved state management. Previewing an html file attached to a note may unexpectedly contact...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00855
Exploits: 0 · References: 3
OSV
added 2021/08/23 10:15 p.m. · 3 views

PYSEC-2021-882

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak...

CVSS: 8.1 · AI score: 7
Exploits: 0 · References: 4
PyPA
added 2021/08/23 10:15 p.m. · 7 views

PYSEC-2021-882

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak...

CVSS: 8.1 · AI score: 7 · EPSS: 0.01848
Exploits: 1 · References: 6 · Affected software: 1
CNNVD
added 2021/08/23 12:00 a.m. · 4 views

Exiv2 Buffer Error Vulnerability

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. A buffer overflow vulnerability exists in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp in Exiv2 version 0.27.99.0. An attacker could exploit this vulnerability to obtain information...

CVSS: 8.1 · AI score: 6 · EPSS: 0.01848
Exploits: 1 · References: 4
CISA
added 2021/08/18 12:00 a.m. · 11 views

Google Releases Security Updates for Chrome

Google has released Chrome version 92.0.4515.159 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

AI score: 6.9
Exploits: 0 · References: 1
Veracode
added 2021/08/16 2:03 a.m. · 29 views

Cross-site Scripting (XSS)

dolibarr is vulnerable to cross-site scripting (XSS). An attacker is able to exploit the vulnerability by storing malicious scripts in the "Private Note" field at the "/adherents/note.php?id=1" endpoint, which are executed in a victim's browser...

CVSS: 9 · AI score: 2.8 · EPSS: 0.00893
Exploits: 0 · References: 2 · Affected software: 1
NVD
added 2021/08/15 9:15 p.m. · 23 views

CVE-2021-25955

In "Dolibarr ERP CRM", WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the "Private Note" field at "/adherents/note.php?id=1" endpoint. These scripts are executed in a victim's browser...

CVSS: 9 · EPSS: 0.00893
Exploits: 0 · References: 2
Prion
added 2021/08/15 9:15 p.m. · 21 views

Improper access control

In "Dolibarr ERP CRM", WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the "Private Note" field at "/adherents/note.php?id=1" endpoint. These scripts are executed in a victim's browser...

CVSS: 3.5 · AI score: 8.5 · EPSS: 0.00893
Exploits: 0 · References: 2 · Affected software: 1
OSV
added 2021/08/14 11:03 a.m. · 3 views

OESA-2021-1309 gradle security update

Gradle is build automation evolved. Gradle can automate the building, testing, publishing, deployment and more of software packages or other types of projects such as generated static websites, generated documentation or indeed anything else. Gradle combines the power and flexibility of Ant with...

CVSS: 5.9 · AI score: 7 · EPSS: 0.01025
Exploits: 1 · References: 2
Packet Storm
added 2021/08/12 12:00 a.m. · 304 views

Xiaomi 10.2.4.g Information Disclosure

Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure
Date: 27-Dec-2018
Exploit Author: Vishwaraj101
Vendor Homepage: https://www.mi.com/us
Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/
Version: 10.2.4.g
Tested on: Tested in Andro...

CVSS: 5.3 · AI score: 5.4 · EPSS: 0.10009
Exploits: 4
NVD
added 2021/08/09 7:15 p.m. · 30 views

CVE-2015-2074

The File Repository Server FRS CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...

CVSS: 7.5 · EPSS: 0.03499
Exploits: 1 · References: 4
NVD
added 2021/08/09 7:15 p.m. · 28 views

CVE-2014-9320

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SIPLATFORMSEARCHSERVERLOGONTOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905...

CVSS: 9.8 · EPSS: 0.04245
Exploits: 0 · References: 5
NVD
added 2021/08/09 7:15 p.m. · 14 views

CVE-2015-7731

SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830...

CVSS: 5.5 · EPSS: 0.00247
Exploits: 0 · References: 2