EUVD-2025-32526

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing.This issue affects Logo Cloud: before 2025.R6...

ICE’s Deportation Airline Hack Reveals Man ‘Disappeared’ to El Salvador

Plus: A DOGE operative’s laptop reportedly gets infected with malware, Grok AI is used to “undress” women on X, a school software company’s ransomware nightmare returns, and more...

Command Execution Vulnerability in Fangde Desktop Operating System of Zhongke Fangde Software Co.

Fangde desktop operating system is a domestic operating system, adapted to Haikuang, Zhaoxin, Feiteng, Longxin, Shenwei, Kunpeng and other domestic CPUs, supporting x86, ARM, MIPS and other mainstream architectures. A command execution vulnerability exists in the Fangde desktop operating system o...

Logic Flaw Vulnerability in Zhengfang Service Management Platform of Zhengfang Software Co.

hereinafter referred to as "Zhengfang", founded in January 1999, is a software enterprise and a high-tech enterprise specializing in consulting, planning, construction and service in the field of education informatization in colleges and universities. A logic flaw exists in the Zhengfang Service...

A week in security (June 26 - July 2)

Last week on Malwarebytes Labs: A proxyjacking campaign is looking for vulnerable SSH servers New technique can defeat voice authentication "after only six tries" "Free" Evil Dead Rise movie scam lurks in Amazon listings Spyware app LetMeSpy hacked, tracked user data posted online Online safety...

Hackers Target Ukrainian Software Company Using GoMet Backdoor

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known ...

Xxe

ASG technologies A Rocket Software Company ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity XXE...

CVE-2021-45025

CVE-2021-45025 affects ASG-Zena Cross Platform Server Enterprise Edition 4.2.1, where sensitive information is stored in cookies in cleartext, enabling information disclosure. Impact and fix details are supported by multiple sources (NVD/CNVD/CVE pages) and connected advisories. Remediation per s...

CVE-2021-45024

CVE-2021-45024 affects ASG-Zena Cross Platform Server Enterprise Edition 4.2.1. The connected documents describe an XML External Entity (XXE) vulnerability in the XML import handling that can lead to SSRF and data exfiltration via the server (endpoints such as oc_main/zenaweb/scheduler/operation)...

XML Entity Injection Vulnerability in UFIDA U8+ CRM Customer Relationship Management Software (CNVD-2021-55194)

formerly known as Shanghai Qitong Software Co., Ltd., is a management digital service company that integrates the development, consulting, marketing, training, implementation and service of management software and Internet applications. An XML entity injection vulnerability exists in UFIDA U8+ CR...

Smartbi Big Data Analytics Platform of Guangzhou Sematic Software Company Limited Has Logic Flaw Vulnerability

Guangzhou Sematic Software Co., Ltd. is a company dedicated to providing one-stop business intelligence solutions for enterprise customers. A logic flaw vulnerability exists in the Smartbi Big Data Analytics Platform of Guangzhou Sematic Software Limited, which can be exploited by attackers to...

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege

Researchers have made new discoveries surrounding the source of a previously-uncovered cryptomining operation that has targeted internet-facing database servers. The campaign, dubbed MrbMiner, was discovered in September 2020 downloading and installing a cryptominer on thousands of SQL servers...

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server MSSQL databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office TextMaker

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document. An adversary could use these...

XSS Vulnerability in Shanghai Niomai Network Technology Co.

Ltd. is a software company focusing on serving small and medium-sized courier and logistics enterprises. With a deep understanding of the current situation and development direction of the management and service of Chinese and foreign courier and logistics enterprises, the company has created a...

Directory Traversal Vulnerability in Website Building System of Shanghai Niomai Network Technology Co.

Ltd. is a software company focusing on serving small and medium-sized courier and logistics enterprises. With a deep understanding of the current situation and development direction of the management and service of Chinese and foreign courier and logistics enterprises, the company has created a...

Unauthorized Access Vulnerability in websoft9 Control Panel of Changsha Netjou Software Co.

Websoft9 is an open source project dedicated to simplifying the installation and deployment of open source web applications. Hundreds of open source software have been sorted and categorized, security settings, performance optimization and Chinese, and released to mainstream public cloud platform...

SQL Injection Vulnerability in Personnel Payroll System of School Worry Free Software Technology Co. Ltd (CNVD-2020-45140)

School Worry-free Software Technology Co., Ltd. is a high-tech development team engaged in the research and system development of educational software teaching applications. A SQL injection vulnerability exists in the personnel payroll system of SchoolWorryFree Software Technology Limited, which...

Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)

Exploit Title: Atomic Alarm Clock 6.3 - Stack Overflow Unicode+SEH Exploit Author: Bobby Cooke Date: 2020-04-17 Vendor: Drive Software Company Vendor Site: http://www.drive-software.com Software Download: http://www.drive-software.com/download/ataclock.exe Tested On: Windows 10 - Pro 1909 x86...

Atomic Alarm Clock 6.3 Stack Overflow

Exploit Title: Atomic Alarm Clock 6.3 - Venetian Blinds Zipper - Unicode SEH Stack Overflow Exploit Author: Bobby Cooke Date: April 17th, 2020 Vendor: Drive Software Company Vendor Site: http://www.drive-software.com Software Download: http://www.drive-software.com/download/ataclock.exe Tested On...