Lucene search

99 matches found

Friends Of PHP
added 2021/11/21 12:0 a.m., 23 views

CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38146...

5.4 CVSS | 7.2 AI score | 0.00529 EPSS
Exploits: 0 | Affected Software: 1
ICS
added 2021/10/25 12:0 p.m., 20 views

Ongoing Cyber Threats to U.S. Water and Wastewater Systems

Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This advisory uses the MITRE Adversarial Tactics, Technique...

9.8 AI score
Exploits: 0 | References: 55
The Hacker News
added 2021/09/21 12:27 p.m., 81 views

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed...

9.8 CVSS | 1 AI score | 0.99721 EPSS
Exploits: 25
0day.today
added 2021/09/01 12:0 a.m., 604 views

Moxa Command Injection / Cross Site Scripting Vulnerabilities

======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage...

10 CVSS | 0.5 AI score | 0.94859 EPSS
Exploits: 45
0day.today
added 2021/08/19 12:0 a.m., 472 views

Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability

======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm HX3040 Series vulnerable version: See "Vulnerable...

9 CVSS | 0.6 AI score | 0.0624 EPSS
Exploits: 15
Pen Test Partners Blog
added 2021/07/08 5:47 a.m., 61 views

Top 10 Cloud security tips

About half of the pen tests we’re asked to do involved cloud services at some point. We’ve even tested a cloud platform on an aeroplane – the irony was not lost on us! There is a multitude of ways to improve the security of your cloud platforms and often those ways are ever-changing or obscured...

7.6 AI score
Exploits: 0
0day.today
added 2021/04/23 12:0 a.m., 68 views

BMD BMDWeb 2.0 Cross Site Scripting Vulnerability

======================================================================= title: Stored Cross Site Scripting Outdated software library product: BMD BMDWeb 2.0 vulnerable version: BMD versions prior to 24.01.21 fixed version: 24.01.21 and 24.02.11 or higher CVE number: - impact: High homepage:...

0.2 AI score
Exploits: 0
Packet Storm
added 2020/11/24 12:0 a.m., 1181 views

ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: ZTE WLAN router MF253V vulnerable version: V1.0.0B04 fixed version: V1.0.0B05 CVE number: impact: Medium homepage: https://www.zte.com.c...

0.4 AI score
Exploits: 0
0day.today
added 2020/07/10 12:0 a.m., 495 views

Rittal Products Bypass / Command Injection / Privilege Escalation Vulnerabilities

Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PD...

10 CVSS | 7.9 AI score | 0.0247 EPSS
Exploits: 7
Packet Storm
added 2020/07/10 12:0 a.m., 240 views

Rittal Products Bypass / Command Injection / Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Rittal Products based on same software, e.g. CMC III PU Compact, CMC III PU 7030.000 PDU whole portfolio, LCP-CW, IoT...

0.9 AI score | 0.0247 EPSS
Exploits: 7
Hacker One
added 2020/03/19 5:28 a.m., 103 views

Razer: SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter.

The tester discovered a monitoring server in a Razer Gold environment was running legacy software with a SQL injection vulnerability. Razer thanks the tester for his diligence and helping keep Razer's customer data secure. A Razer Gold asset suffered from an SQL injection due to an outdated...

0.9 AI score
Exploits: 0
Malwarebytes
added 2019/12/10 5:30 p.m., 18 views

Hundreds of counterfeit online shoe stores injected with credit card skimmer

There's a well-worn saying in security: "If it's too good to be true, then it probably isn't." This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many...

7 AI score
Exploits: 0
Packet Storm
added 2019/12/04 12:0 a.m., 219 views

Fronius Solar Inverter Series Insecure Communication / Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Fronius Solar Inverter Series vulnerable version: SW Version =3.14.1 vuln 2: 3.12.5 - HM 1.10.5, see solution section below CVE number:...

0.7 AI score | 0.02314 EPSS
Exploits: 3
exploitpack
added 2019/12/02 12:0 a.m., 42 views

Visual Studio 2008 - XML External Entity Injection

Visual Studio 2008 - XML External Entity Injection Exploit Title: Visual Studio 2008 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Software Link: Visual Studio 2008 Express IDE Tested Version: 2008 CVE: N/A + Credits: John Page aka...

0.4 AI score
Exploits: 0
OSV
added 2019/08/14 8:15 p.m., 4 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.5 CVSS | 7.1 AI score | 0.02378 EPSS
Exploits: 1 | References: 2
Cvelist
added 2019/08/14 7:57 p.m., 15 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.6 AI score | 0.02378 EPSS
Exploits: 1 | References: 2
ThreatPost
added 2019/07/26 6:37 p.m., 237 views

Gamers Are Easy Prey for Credential Thieves

Gamers are soft targets for credential-thieving hackers who see them as young, naive and playing it fast and loose with security. “A 14-year-old kid’s gaming credentials are worth more than you think,” said Mike Wilson, CTO at Enzoic. He said credentials tied to Fortnite, Minecraft and RuneScape...

0.3 AI score
Exploits: 0 | References: 4
The Hacker News
added 2019/06/21 7:23 p.m., 2 views

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions...

9.8 CVSS | 8 AI score | 0.05295 EPSS
Exploits: 0
The Hacker News
added 2019/01/24 11:52 a.m., 2 views

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...

6.4 AI score
Exploits: 0
The Hacker News
added 2019/01/24 11:52 a.m., 177 views

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...

0.5 AI score
Exploits: 0