8276 matches found
Lazarus Group Hides macOS Spyware in 2FA Application
The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new...
GStreamer, libmad, and SDL security, bug fix, and enhancement update
gstreamer1 1.16.1-2 - Update to 1.16.2 for correctly pick up for side gating - Resolves: rhbz1756299 1.16.1-1 - Update to 1.16.1 - Enable libcap for the ptp helper permissions - Resolves: rhbz1756299 gstreamer1-plugins-bad-free 1.16.1-1 - Update to 1.16.1 - Remove upstreamed patches - Remove...
Discourse < 2.5.0.beta4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites
Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use to offer online training courses through their WordPress-based websites. According to the Check Point...
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more. The...
container-tools:2.0 security update
An update is available for udica, toolbox, python-podman-api, slirp4netns, containernetworking-plugins, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
LY Corporation: SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)
LINE Social Plugins https://social-plugins.line.me/ is a service that provides LINE users with content sharing on the web. This SSRF attack was caused by bypassing the DNS verification of the parameter value received to check the page information of shared content. Attacks were only possible with...
[SECURITY] Fedora 32 Update: nrpe-4.0.2-2.fc32
Nrpe is a system daemon that will execute various Nagios plugins locally on behalf of a remote monitoring host that uses the checknrpe plugin. Various plugins that can be executed by the daemon are available at: http://sourceforge.net/projects/nagiosplug This package provides the core agent...
Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injections due to Duplicated Snippets
SQL Injections in the Duplicate Post, WP Post Page Clone, Duplicate Page and Post plugins, due to using the snippet piece of code. The issue in the duplicate-post was already added, at https://wpvulndb.com/vulnerabilities/9251...
Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
=== DESCRIPTION - REFLECTED XSS ======================================== Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise &...
jizhi CMS 1.6.7 - Arbitrary File Download
Exploit Title: jizhi CMS 1.6.7 - Arbitrary File Download Google Dork: jizhicms Date: 2020-04-18 Exploit Author: iej1ctk1g Vendor Homepage: https://www.jizhicms.cn/ Software Link: http://down.jizhicms.cn/jizhicmsBeta1.6.7.zip Version: 1.6.7 Tested on: Mac OS CVE : N/A Data 1. POST...
Rank Math 0.9~1.0.42.1 - Missing Access Controls to Disable Competitor Plugins
Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated user, such as a subscriber, to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF...
Rank Math 0.9~1.0.42.1 - Missing Access Controls to Disable Competitor Plugins
Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated user, such as a subscriber, to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF. PoC...
Malicious Package
Overview delayedplugins-airbrake is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
[SECURITY] Fedora 31 Update: nrpe-4.0.2-2.fc31
Nrpe is a system daemon that will execute various Nagios plugins locally on behalf of a remote monitoring host that uses the checknrpe plugin. Various plugins that can be executed by the daemon are available at: http://sourceforge.net/projects/nagiosplug This package provides the core agent...
[SECURITY] Fedora 30 Update: nrpe-4.0.2-2.fc30
Nrpe is a system daemon that will execute various Nagios plugins locally on behalf of a remote monitoring host that uses the checknrpe plugin. Various plugins that can be executed by the daemon are available at: http://sourceforge.net/projects/nagiosplug This package provides the core agent...
container-tools:1.0 security update
An update is available for fuse-overlayfs, oci-umount, runc, skopeo, oci-systemd-hook, containernetworking-plugins. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
OS Command Injection
apiconnect-cli-plugins is vulnerable to OS command injection. The vulnerability exists because the value of pluginUri is not sanitized and can be controlled by users...
CVE-2020-7633
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...