Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

4 ways to protect your privacy while scrolling

Categories: News Categories: Privacy Tags: Privacy Tags: browser Tags: VPN Tags: BrowserGuard For every level of privacy awareness, there are layers you can use to protect yourself. Here are four suggestions. (Read more...) The post 4 ways to protect your privacy while scrolling appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#ios#android#apple#google#microsoft#perl#chrome#firefox
CVE-2023-23314: File upload ssh authorized_keys causes RCE · Issue #90 · helloxz/zdir

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.

CVE-2022-46959: Back up files in any directory through directory traversal · Issue #56 · go-sonic/sonic

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.

A week in security (January 16—22)

Categories: News Tags: Google Tags: Rust Tags: Chromium Tags: Mailchimp Tags: SweepWizard Tags: bossware Tags: TikTok Tags: surveillance firm Tags: Voyager Labs Tags: TracketPacer Tags: Facebook Tags: Instagram Tags: Vice Society Tags: Liquor Control Board of Ontario Tags: Zoho ManageEngine Tags: GitHub Tags: LastPass Tags: Git flaw Tags: ransomware Tags: credit card fraud The most interesting security related news from the week of January 16-22. (Read more...) The post A week in security (January 16—22) appeared first on Malwarebytes Labs.

CVE-2021-29368: Session Fixation in CuppaCMS · Issue #8 · CuppaCMS/CuppaCMS

Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.

CVE-2020-23256: Electron has serious security vulnerability · Issue #1686 · electerm/electerm

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service.

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

CVE-2022-48123: ttt/15 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.

CVE-2022-48124: ttt/14 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.

CVE-2022-48125: ttt/13 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.