#backdoor

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup. ### Reflected Cross-Site Scripting (SXSS) with authentication A Neos backend user with permission to modify content can insert JavaScript instructions into content elements. The browser will execute the script in "Print" preview mode. A Neos backend user who can modify his profile information ("Title", "First Name", "Last name", "Middle Name", "Other Name") can inject JavaScript instructions in those parameters. Once set up, an administrator who wants to edit this user account will execute the code. Both attack vectors require a valid Neos backend user account. ### Reflected Cross-Site Scripting (RXSS) without authentica...

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, inlcuding server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible (information disclosure, placement of backdoors, data removal, …). Note: The upload of files is only possible if the application built on Flow provides means to do so, and whether or not the upload of files poses a risk is dependent on the system setup. If uploaded script files are not executed by the server, there is no risk. In versions prior to 3.0.0 the upload of files with the extension php was blocked. In Flow 2.3.0 to 2.3.6 a potential XML External Entity processing vulnerability has been discovered in the MediaTypeConverter.

The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous

Backdoor.Win32.AsyncRat malware suffers from a code execution vulnerability.

By Waqas Kaspersky's Global Research and Analysis Team (GReAT) has released its latest quarterly report (Q1 2024) on the advanced persistent threat (APT) activity, highlighting several key trends in the threat and risk environment. This is a post from HackRead.com Read the original post: Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files,"

Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability.

By Deeba Ahmed Cuckoo malware targets macOS users, stealing passwords, browsing history, crypto wallet details & more. Disguised as a music converter, it poses a major security risk. Learn how to protect yourself from this sophisticated infostealer. This is a post from HackRead.com Read the original post: Cuckoo Mac Malware Mimics Music Converter to Steals Passwords and Crypto

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system on which DIAEnergie is deployed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected: DIAEnergie: Versions v1.10.00.005 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89 Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise th...