[SECURITY] Fedora 33 Update: kernel-5.11.19-200.fc33
The kernel meta package...
DjVuLibre Denial of Service Vulnerability
DjVuLibre is an open source implementation of the DjVu computer file format, which includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. DjVuLibre suffers from a denial-of-service vulnerability that could be exploited by an attacker to cause an application to...
PHP Timeclock 1.04 Cross Site Scripting
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Date: May 3rd 2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on...
py-impacket -- multiple path traversal vulnerabilities
asolino reports: Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code...
Exploit for Path Traversal in Gitlab
GitLab CVE-2020-10977 Introduction This script provides re...
Chinese Hackers Attacking Military Organizations With New Backdoor
Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid ou...
Fav-Up - IP Lookup By Favicon Using Shodan
Lookups for real IP starting from the favicon icon and using Shodan. Installation pip3 install -r requirements.txt Shodan API key not the free one Usage CLI First define how you pass the API key: -k or --key to pass the key to the stdin -kf or --key-file to pass the filename which get the key fro...
[SECURITY] Fedora 34 Update: kernel-5.11.14-300.fc34
The kernel meta package...
CVE-2021-2305 vulnerabilities
Vulnerabilities for packages: mysql...
Trend Micro Encourages Patching Of Old Vulnerability
Trend Micro released several patches last year to address known vulnerabilities. Since that time, an attempt was observed to leverage one of these vulnerabilities in a single unpatched customer system...
Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in Synology DiskStation Manager. DSM is the Linux-based operating system for every Synology network-attached storage (NAS) device. The... This is only the...
All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The tab parameter of the settings page of the plugin was vulnerable to an authenticated reflected Cross-Site Scripting XSS issue as user input was not properly sanitised before being output in an attribute...
GO-2020-0039 Open redirect in gopkg.in/macaron.v1
Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none...
CVE-2021-3471
...
CVE-2020-8365
...
Remote code execution
Remote Procedure Call Runtime Remote Code Execution Vulnerability...
Signal Adds a Payments Feature—With Cryptocurrency
The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals...
Clear-text insertion of user's passwords into log files
...
Talos Takes Ep. #47: Looking back at the Masslogger trojan
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We return to our usual formatting this week to discuss the Masslogger trojan. We covered this threat earlier this year...