42 matches found
Rigged Poker Games
The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games. In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the players in a particular order. As set forth in the...
EUVD-2021-13277
Malware in sbrugna...
EUVD-2012-2391
Malware in sbrugna...
MAL-2025-28154 Malicious code in offsite_payments (npm)
The package offsitepayments was found to contain malicious code...
Malicious code in panmirror (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3385cde99d98bc2917be74ea78c8302eb62e61dfb90d33d71be4a9b71b661e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/voluptatum-quae (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b15f68157c017d443f4c68b8281c4260e81c25cc6c102da832bf11fa4288710 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-M5Q3-MVCR-GC5M silverstripe/framework BackURL validation bypass with malformed URLs
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one...
silverstripe/framework BackURL validation bypass with malformed URLs
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one...
PT-2024-40363 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A maliciously crafted URL can bypass the offsite redirection protection for BackURL parameters, potentially leading to users entering sensitive data on malicious websites instead of the...
3 tips for creating backups your organization can rely on when ransomware strikes
Backups are an organization's last line of defense against ransomware, because comprehensive, offline, offsite backups give you a chance to restore or rebuild your computers without paying a criminal for a decryption key. Unfortunately, many organizations don't realize how important it is to make...
Breast cancer photos published by ransomware gang
The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients--calling them "nude photos"--to extort money from the Lehigh Valley Health Network LVHN. This has triggered a chorus of accusations from the cybersecurity community, wi...
Warning issued over Royal ransomware
As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...
Malicious code in optional-dep-wont-be-found (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2226cdc4dac73c40bc10584ecdb520dfdf47b568418de61acf37fd8cef42daf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
offsiteconstructionexpo.com Cross Site Scripting vulnerability OBB-2367185
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Millions of Connected Cameras Open to Eavesdropping
Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency CISA. The bug CVE-2021-32934, with a CVSS v3 base score of 9.1 has be...
CVE-2021-26471
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...
CVE-2021-26472
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges...
The vulnerability of the LibreOffice office suite lies in its improper validation of input data, which allows an attacker to compromise the integrity of the data.
The vulnerability of the LibreOffice office suite is related to a form field that might contain a URL pointing to an external server. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting XSS attacks. The application uses offsite redirects which allows the attackers to inject and execute arbitrary webscript...
CheckPoint/Sofaware Firewall Multiple Vulnerabilities
No description provided by source. ProCheckUp Research http://procheckup.com/procheckup-labs/pr11-07.aspx PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls Vulnerability found: 3rd May 2011 Vendor informed: 20th Ju...