CVE-2023-29375

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector...

CVE-2023-29375

Progress Sitefinity (versions 13.3 up to 13.3.7647, 14.0 up to 14.0.7736, 14.1 up to 14.1.7826, 14.2 up to 14.2.7930, and 14.3 up to 14.3.8025) is affected by a vulnerability allowing potentially dangerous file uploads via the SharePoint connector. The underlying issue is a file-upload risk expos...

CVE-2023-29376

Product affected: Progress Sitefinity (versions 13.3.x up to 13.3.7646; 14.0 up to 14.0.7735; 14.1 up to 14.1.7825; 14.2 up to 14.2.7929; 14.3 up to 14.3.8024).** Vulnerability: Cross-site scripting (XSS) by privileged users targeting media libraries.** CVE: CVE-2023-29376.** Root cause / impact ...

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

Progress ipswitch WS_FTP Server 跨站脚本漏洞

Progress ipswitch WSFTP Server is an FTP server software. A security vulnerability exists in Progress ipswitch WSFTP Server version 8.6.0 that originates from improper handling of user-supplied input. An attacker could exploit the vulnerability to execute malicious code and commands on the client...

CVE-2022-27665

Summary (CVE-2022-27665): Progress Ipswitch WS_FTP Server 8.6.0 is affected by a reflected XSS vulnerability via AngularJS sandbox escape expressions, allowing an attacker to trigger client-side code by submitting crafted input in the subdirectory search bar or Add folder filename fields. The iss...

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

Celebrating Women’s History Month at Rapid7

Each March, we reflect on the historical accomplishments and ongoing need to support women. This, of course, should be embraced all 12 months of the year, but Women’s History Month gives us a special opportunity to learn from, celebrate, and amplify the voices of women. At Rapid7, we’re shining a...

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency CISA, Federal...

[SECURITY] Fedora 38 Update: haruna-0.10.3-3.fc38

Open source video player built with Qt/QML and libmpv. Features: + play online videos, through youtube-dl; + supports youtube playlists; + toggle playlist with mouse-over, playlist overlays the video; + auto skip chapter containing certain words; + configurable shortcuts and mouse buttons; + quic...

Understanding Academic Software Solutions

By Owais Sultan Academic software allows educators to manage to learn and evaluate progress. Most educational institutions are already on their… This is a post from HackRead.com Read the original post: Understanding Academic Software Solutions...

K12252011: OpenSSH vulnerability CVE-2019-6109

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...

SUSE CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

SUSE CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

SUSE CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.uploadprogress.cleanup is set to 0 disabled, and the file upload fails, the upload procedure would try to clean up data that does...

MAL-2023-1979 Malicious code in progressba2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 485523328c5575f2b2aeda99d3474ba5cfa4b4a164580d45134901bde80e097a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in prgoressbar2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3e7b14c0c56cf3ece2b23c361a6199d9920a3ecfdbf3b2f541d4cbc8dfbb8d10 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Florida hospital takes entire IT systems offline after 'ransomware attack'

Tallahassee Memorial Healthcare TMH, a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...

Progress Software WS_FTP Server 安全漏洞

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server that stems from insufficient authorization controls over user modifications to the workflow application, where host...

UBUNTU-CVE-2022-41858

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information...