Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One

The Hacker News
#web#mac#windows#google#microsoft#git#wordpress#backdoor#chrome#firefox#The Hacker News
Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

CVE-2023-30405: Aigital Wireless-N Repeater Mini_Router.0.131229 Cross Site Scripting ≈ Packet Storm

A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup.

CVE-2023-26782: There is a denial of service vulnerability in your project · Issue #2 · chshcms/mccms

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.

CVE-2023-26781: SQL injection exists in your project · Issue #1 · chshcms/mccms

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution

Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a remote command execution vulnerability.

Aigital Wireless-N Repeater Mini_Router.0.131229 Cross Site Scripting

Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a persistent cross site scripting vulnerability.

Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The

CVE-2023-29836: Exelysis/EUCS Admin Login XSS.txt at main · IthacaLabs/Exelysis

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.

Ubuntu Security Notice USN-6010-3

Ubuntu Security Notice 6010-3 - USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the addres...