1227 matches found

Debian CVE
added 2023/11/28 7:15 p.m. · 21 views

CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00954
Exploits 0
HackRead
added 2023/11/21 6:51 p.m. · 9 views

Outdated Wallets Threatening Billions in Crypto Assets

By Waqas. The vulnerability is dubbed Randstorm, impacting browser-generated wallets created between 2011 and 2015.

AI score 7.4
Exploits 0
GithubExploit
added 2023/11/21 3:45 p.m. · 529 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228 minecraft demo This demo is used at...

CVSS 10 · AI score 9.1 · EPSS 0.94358
Exploits 341
Tenable Nessus
added 2023/11/09 12:0 a.m. · 21 views

Fedora 39 : matrix-synapse (2023-957972e77c)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-957972e77c advisory. Update to 1.95.1 CVE-2023-43796 ---- Update to v1.95.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 5.3 · AI score 6.1 · EPSS 0.00283
Exploits 0 · References 2
Hive Pro Threat Advisories
added 2023/11/06 5:42 a.m. · 90 views

Ransomware Threats Exploit CVE-2023-46604 in Apache ActiveMQ Servers

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Ransomware groups and SparkRAT exploiting a critical vulnerability CVE-2023-46604 in Apache ActiveMQ, despite a security update on October 27, 2023, affecting systems with outdated ActiveMQ...

CVSS 7.5 · AI score 9.3 · EPSS 0.94436
Exploits 31
Positive Technologies
added 2023/11/03 12:0 a.m. · 4 views

PT-2023-15411 · Unknown · Simple Photo Gallery

Name of the Vulnerable Software and Affected Versions: Simple Photo Gallery versions n/a through v1.8.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 9.8 · AI score 8.4 · EPSS 0.00162
Exploits 0 · References 7
Talos Blog
added 2023/11/02 6:0 p.m. · 37 views

You’d be surprised to know what devices are still using Windows CE

Windows CE -- an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" -- finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on...

CVSS 5 · AI score 6.5 · EPSS 0.94348
Exploits 15
Rapid7 Blog
added 2023/11/01 6:32 p.m. · 125 views

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response MDR identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...

CVSS 7.5 · AI score 7.1 · EPSS 0.94436
Exploits 31
OSV
added 2023/11/01 3:15 a.m. · 0 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVSS 6.5 · AI score 5.9
Exploits 0 · References 1
NVD
added 2023/11/01 3:15 a.m. · 10 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVSS 6.5 · AI score 6.4 · EPSS 0.00109
Exploits 0 · References 1
Prion
added 2023/11/01 3:15 a.m. · 8 views

Design/Logic Flaw

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVSS 4 · AI score 6.4 · EPSS 0.00109
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/01 2:10 a.m. · 7 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVSS 6.5 · AI score 6.4 · EPSS 0.00109
Exploits 0 · References 1
Positive Technologies
added 2023/11/01 12:0 a.m. · 4 views

PT-2023-28198 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions = 18.0.1 Description: The issue is related to improper input validation, which fails to strip certain PHP code from user-supplied input when creating a Website. This allows an attacker to inject and evaluate arbitrar...

CVSS 8.8 · AI score 7.5 · EPSS 0.53316
Exploits 0 · References 15
Positive Technologies
added 2023/10/31 12:0 a.m. · 2 views

PT-2023-20541 · Unknown · Mcfeeder Server

Name of the Vulnerable Software and Affected Versions: McFeeder server distributed as part of SSW package affected versions not specified Description: The McFeeder server is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This issue stems from the use of an...

CVSS 6.5 · AI score 6.3 · EPSS 0.00109
Exploits 0 · References 4
Positive Technologies
added 2023/10/24 12:0 a.m. · 2 views

PT-2023-7560

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.1.1w Description The issue is related to the generation and checking of excessively long X9.42 DH keys or parameters, which may cause long delays in applications using the affected functions. This can lead to a Deni...

CVSS 5.3 · AI score 8 · EPSS 0.00537
Exploits 0 · References 170
CNNVD
added 2023/10/16 12:0 a.m. · 2 views

OTRS Trust Management Issue Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions prior to 7.0.47, 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which arises from the ability to obtain email via POP3 or IMAP and send email via SMTP using...

CVSS 9.1 · AI score 6.7 · EPSS 0.00247
Exploits 0 · References 2
Code423n4
added 2023/10/04 12:0 a.m. · 7 views

User Score Not Updated During Interest Claim, Leading to Incorrect Interest Calculations

Lines of code Vulnerability details Impact This oversight in the contract logic may lead to incorrect interest calculations for users. Specifically, if a user's balance or the factors contributing to the score changes between interest accruals due to actions outside of staking more tokens, the...

AI score 7.1
Exploits 0
Code423n4
added 2023/10/04 12:0 a.m. · 4 views

Missing of the distribution state updating

Lines of code Vulnerability details Impact The getEffectiveDistributionSpeed can return incorrect information. It can return distributionSpeed but the accrueTokens function will increase tokenAmountAccruedtoken only for the difference between token.balanceOfaddressthis and tokenAmountAccruedtoken...

AI score 7.1
Exploits 0
CNNVD
added 2023/09/30 12:0 a.m. · 2 views

WordPress plugin Blog Filter Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 · AI score 6.1 · EPSS 0.00082
Exploits 0 · References 3
Positive Technologies
added 2023/09/27 12:0 a.m. · 3 views

PT-2023-6494 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.4 WS FTP Server versions prior to 8.8.2 Description: A SQL injection vulnerability exists in the WS FTP Server manager interface. An attacker may be able to infer information about the structure and content...

CVSS 8.3 · AI score 7.7 · EPSS 0.00178
Exploits 0 · References 10