Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Printing Business Records Management System 1.0 Cross Site Request Forgery

Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#windows#google#php#auth#firefox
Online Eyewear Shop 1.0 Cross Site Request Forgery

Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

GHSA-phh4-3hmm-24rx: Duplicate Advisory: Juju makes Use of Weak Credentials

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh98-763h-m9v4. This link is maintained to preserve external references. ## Original Description JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

GHSA-85qf-6845-m8p2: Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. ## Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

5 Must-Have Tools for Effective Dynamic Malware Analysis

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the

GHSA-r2jw-c95q-rj29: cocoon Reuses a Nonce, Key Pair in Encryption

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.

GHSA-9mjw-79r6-c9m8: Portainer improperly uses an encryption algorithm in the AesEncrypt function

Portainer before 2.20.2 improperly uses an encryption algorithm in the `AesEncrypt` function.

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to

Dragos Expands ICS Platform with New Acquisition

The addition of Network Perception will provide Dragos with enhanced network visibility, compliance and segmentation analytics to the Dragos OT cybersecurity platform.