1app Technologies, Inc Security Vulnerabilities

Dotclear 2.29 Remote Code Execution

...

IBM Security verify Access Appliance Security Vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated...

RHEL 6 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813) ...

Serendipity 2.5.0 - Remote Code Execution Exploit

...

Serendipity 2.5.0 Remote Code Execution

...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-059)

The version of kernel installed on the remote host is prior to 5.4.268-181.368. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-059 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 23 security fixes: [331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 [331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on...

Dotclear 2.29 - Remote Code Execution (RCE)

...

Determine OS and list of installed packages via SSH login

This script will, if given a userid/password or key to the remote system, login to that system, determine the OS it is running, and for supported systems, extract the list of installed...

JVN#60331535: WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page

WordPress plugin "SiteGuard WP Plugin" provided by EG Secure Solutions Inc. provides a functionality to customize the path to the login page wp-login.php. The plugin implements a measure to avoid redirection from other URLs, but missed to implement a measure to avoid redirection from...

Serendipity 2.5.0 - Remote Code Execution (RCE)

...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-036)

The version of kernel installed on the remote host is prior to 5.15.148-97.158. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-036 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-05-09: CVE-2024-26586 was added to this...

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data

By Waqas As seen by Hackread.com, the INC ransomware gang claims to have obtained patient records as part of their cyberattack. This is a post from HackRead.com Read the original post: INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient...

Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...

WordPress Photoxhibit 2.1.8 - Cross-Site Scripting

WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and....

CVE-2021-47531

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that....

Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com

Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS...

Advance Auto Parts customer data posted for sale

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Allegedly the customer data includes: Names Email...

CVE-2023-50363

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS.....

[SECURITY] Fedora 38 Update: gnutls-3.8.4-1.fc38

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and....

Debian Security Advisory DSA 608-1 (zgv)

The remote host is missing an update to zgv announced via advisory DSA...

Debian Security Advisory DSA 284-1 (kdegraphics)

The remote host is missing an update to kdegraphics announced via advisory DSA...

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated.....

Debian Security Advisory DSA 279-1 (metrics)

The remote host is missing an update to metrics announced via advisory DSA...

Do not scan printers

The remote host appears to be a network printer, multi-function device, or other fragile device. Such devices often react very poorly when scanned. To avoid problems, Nessus has marked the remote host as 'Dead' and will not scan...

Debian Security Advisory DSA 296-1 (kdebase)

The remote host is missing an update to kdebase announced via advisory DSA...

Directory Scanner

This plugin attempts to determine the presence of various common dirs on the remote web...

Debian Security Advisory DSA 293-1 (kdelibs)

The remote host is missing an update to kdelibs announced via advisory DSA...

Debian Security Advisory DSA 026-1 (bind)

The remote host is missing an update to bind announced via advisory DSA...

Debian Security Advisory DSA 231-1 (dhcp3)

The remote host is missing an update to dhcp3 announced via advisory DSA...

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...

Top 7 Key Network Security Trends to Watch in 2011

Network security is on everyone's mind as 2010 comes to an end. Adam Powers, CTO of Atlanta-based Lancope, offers insights into expected trends for 2011. IT Consumerization and Internal Threats The introduction of consumer devices into corporate networks is reshaping security strategies....

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

WordPress Automatic Plugin <= 3.92.0 - SQL Injection

The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append...

JVN#37818611: "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

"ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly (CWE-939) which may be exploited to direct the App to access any sites. ## Impact A remote attacker may lead a user to.....

Assess, Remediate, and Prevent the Top 10 MITRE ATT&CK Techniques for Ransomware, Mapped to Misconfigurations

In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential.....

[SECURITY] Fedora 39 Update: suricata-6.0.17-1.fc39

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 38 Update: suricata-6.0.17-1.fc38

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 40 Update: suricata-7.0.4-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

Apple iOS and Apple iPadOS Buffer Overflow Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A buffer overflow vulnerability exists in Apple iOS and iPadOS, which can be exploited by an attacker to...

Texting Secrets: How Messenger Apps Guard Your Chats

By Uzair Amir Worried about prying eyes? We explain how messenger apps keep your chats confidential with features like encryption & multi-factor authentication. Learn about security risks & emerging technologies for a safer digital future. This is a post from HackRead.com Read the original post:...

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

Oracle Linux 7 : jss (ELSA-2019-3067)

From Red Hat Security Advisory 2019:3067 : An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is....

CVE-2024-2501

The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated attackers, with....

About the security content of iOS 17.5 and iPadOS 17.5

About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

Fedora: Security Advisory for suricata (FEDORA-2024-99337cc4a1)

The remote host is missing an update for...

CentOS 7 : jss (CESA-2019:3067)

An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the.....

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-048)

The version of kernel installed on the remote host is prior to 5.10.209-198.812. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-048 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this...