41 matches found
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90761)
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Open-xchange OX App Suite Information Disclosure Vulnerability (CNVD-2021-90765)
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company that allows users to more intuitively manage email, tasks, files, etc. An information disclosure vulnerability exists in Open-xchange OX App Suite. An information disclosure...
Open-xchange OX App Suite Directory Traversal Vulnerability
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A directory traversal vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90759)
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90762)
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22647)
Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from the lack of proper validation of client-side data in the WEB application and can be exploited to inject arbitrary script or HT...
Multiple Trendnet Products Null Pointer Dereference Vulnerability
TRENDnet TEW-755AP and others are a router from Trendnet, a US-based company. Several Trendnet products are vulnerable to null pointer dereference. A remote attacker could use the vulnerability to send POST requests to applycgi via the lang operation without a language key, resulting in a denial ...
Open-xchange OX App Suite code issue vulnerability (CNVD-2022-28453)
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A code issue vulnerability exists in Open-xchange OX App Suite, no detailed vulnerability details are...
Attackers Breach Microsoft Customer Service Accounts
The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to specific organizations — primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customer...
Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawlin...
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint securit...
Parler Finds a Reprieve in Russia—but Not a Solution
The far-right platform still hasn’t found a US-based home. Where it lands could have serious consequences for its users’ privacy...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22655)
Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...
Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who've recently re-indicted him on related charges. NiceHash CTO Matjaž "Iserdo...
HackerOne: Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based"
Hi, I would like to report something I just recently noticed upon receiving an automated invite from Hackerone for a private program. The program brief clearly states the following in program rules: █████ This is where I believe the issue is. I live in ███ and according to the program rules I...
Fake Bittrex cryptocurrency exchange site stealing user funds
By Uzair Amir Bittrex is a US-based cryptocurrency exchange known for buying and selling This is a post from HackRead.com Read the original post: Fake Bittrex cryptocurrency exchange site stealing user funds...
Top 5 GDPR Myths: Get the Facts
The General Data Protection Regulation GDPR has been garnering much attention since its formal adoption in April 2016. With the effective date of May 25, 2018 fast approaching, some popular myths have emerged surrounding the regulation. In this blog post, we’ll examine and debunk a few of the mos...
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Microsoft Interne...
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution...
US-based website covering China's Bo Xilai scandal hacked
US-based website covering China's Bo Xilai scandal hacked A US-based website that has reported extensively on the Bo Xilai scandal in Chongqing says it has been crippled by a concerted hacker attack. The site was rendered inaccessible for much of Thursday, depriving readers of coverage of the...