144 matches found
PT-2021-16636 · Samsung · Smartthings
Name of the Vulnerable Software and Affected Versions: SmartThings versions prior to 1.7.67.25 Description: The issue is related to improper access control, allowing untrusted applications to cause arbitrary webpage loading in webview. Recommendations: For versions prior to 1.7.67.25, update to...
GHSA-R578-PJ6F-R4FF Auto-merging Person Records Compromised
Impact New user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages such as giving and events. Patches We have...
CVE-2021-32691
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...
RHEL 8 : firefox (RHSA-2021:1362)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1362 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
BRATA Malware Poses as Android Security Scanners on Google Play Store
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in...
CVE-2021-21330
An open redirect flaw was found in python-aiohttp. This flaw allows a remote, unauthenticated attacker to trick users into visiting a malicious webpage, disguised as a legitimate webpage and affects applications using the normalizepathmiddleware functionality. The highest threat from this...
CVE-2020-1091
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit...
CVE-2020-1492
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...
PT-2020-3943 · Microsoft · Windows Gdi +1
Name of the Vulnerable Software and Affected Versions: Windows GDI component affected versions not specified Description: An information disclosure issue exists due to the improper handling of memory contents by the Windows GDI component. This could allow an attacker to obtain information that...
CVE-2020-5728
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages such as login.htm. There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting...
MS15-128: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: December 8, 2015
MS15-128: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: December 8, 2015 View products that this article applies to. Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The vulnerabilities could allow remote code...
Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Cybercriminals are hijacking routers and changing Domain Name System DNS settings, in order to redirect victims to attacker controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information-stealing Oski malware. This latest attack...
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash...
Authentication flaw
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash...
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash...
CVE-2014-3445
CVE-2014-3445 describes an authentication bypass in HandsomeWeb SOS Webpages prior to 1.1.12. The vulnerability resides in backup.php, which allows an unauthenticated user to perform administrative backups and potentially disclose the administrator password hash by manipulating the MD5-based key ...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...
Romanian Duo Receives Jailtime For Infecting 400,000 With Malware
A Romanian duo has been sentenced to jailtime for infecting 400,000 computers with malware that stole credentials and financial information, and scammed victims out of millions of dollars. The two Romanian hackers, Bogdan Nicolescu, 37, and Radu Miclaus, 37, were sentenced to 20 years and 18 year...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...
Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach
A little background: on July 17, 2014, Malaysia Airlines Flight 17 was shot from the sky on its way from Amsterdam to Kuala Lumpur above the Ukraine. The plane was hit by a surface-to-air missile, and as a result, all 298 people on board were killed. At that time, there was a revolt of pro-Russia...