5335 matches found
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work ...
Exploit for Out-of-bounds Write in Readymedia_Project Readymedia
CVE-2023-33476 ReadyMedia MiniDLNA versions from 1.1.15 u...
EulerOS Virtualization 3.0.6.0 : binutils (EulerOS-SA-2023-2207)
According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Assertion fail in the display_debug_names function in binutils/dwarf.c may lead to program crash and denial of service. CVE-2022-381...
EulerOS Virtualization 3.0.6.0 : emacs (EulerOS-SA-2023-2237)
According to the versions of the emacs packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...
MAL-2023-260 Malicious code in discount-pwa (npm)
Source: checkmarx b62bcefcaea2db2548388a227a4b29129aec31ac8138d04b9763fbd8e5bb54ac Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ghsa-malware...
CVE-2023-33477
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...
Path traversal
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...
cups-filters security update
1.20.0-29.0.1 - header/footer not being printed in banner page. Orabug: 28265099 - Fixes Orabug: 29163824 source indentation not following convention. 1.20.0-29.2 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend...
PT-2023-24352 · Harmonic · Harmonic Nsg 9000-6G
Name of the Vulnerable Software and Affected Versions: Harmonic NSG 9000-6G devices (affected versions not specified). Description: The issue allows an authenticated remote user to obtain source code by directly requesting a special path. Recommendations: At the moment, there is no information about...
CVE-2023-33477
Summary: CVE-2023-33477 concerns Harmonic NSG 9000-6G devices, where an authenticated remote user can obtain source code by directly requesting a crafted path. Multiple connected sources label the issue as a path traversal vulnerability, but the technical details are inconsistent across entries a...
Faculty Evaluation System 1.0 - Unauthenticated File Upload Exploit
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation
Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to reproduce: 1. Go to https://site.com/admin/?page=user/list as staff user...
Faculty Evaluation System 1.0 - Unauthenticated File Upload
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
CVE-2023-33740
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
Improper access control
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
Luowice Security Vulnerability
Luowice is a cloud app for a series of security monitoring devices from China-based Luowice. A security vulnerability exists in Luowice version 3.5.18, which stems from incorrect access control and can be exploited by an attacker to access cloud source code information...