Tag
#chrome
Blockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.
By Deeba Ahmed Spyware developer firm Cytrox is under Google’s radar for developing exploits against five 0-day flaws in Android and… This is a post from HackRead.com Read the original post: Predator Spyware Using Zero-day to Target Android Devices
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds.
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a
By Waqas Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also… This is a post from HackRead.com Read the original post: Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1
From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.
Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.