#git

Dear Sirs and Madams, I would like to report a business logic error vulnerability that I discovered during my recent penetration test on Froxlor. Specifically, I identified an issue where it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements established by the system. The surname, family name AND company name all of them can be left blank. I believe addressing this vulnerability is crucial to ensure the security and integrity of the Froxlor platform. Thank you for your attention to this matter. This action served as a means to bypass the mandatory field requirements. Lets see (please have a look at the Video -> attachment). ---------------- as you can see i was able to let the username and second name blank. https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4 Le...

23andMe has responded in a letter to legal representatives of data breach victims that they were to blame themselves for re-using passwords

Easy File Sharing FTP Server version 2.0 suffers from a denial of service vulnerability.

EuskalHack Security Congress seventh edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. With an estimated capacity of 200 people, EuskalHack Security Congress has established itself as the most relevant congress specialized in computer security in the Basque Country, and as a national reference. The profile of attendees include specialized companies, public organisms, professionals, hobbyists and students in the area of security and Information Technology. The congress will take place on the 21st and 22nd of June 2024 in the lovely city of Donostia San Sebastian (Gipuzkoa).

Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Factory Automation Products Vulnerabilities: Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could disclose information in the product or could cause denial-of-service (DoS) condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Factory Automation products are affected: GT SoftGOT2000: Versions 1.275M to 1.290C (CVE-2023-0286) OPC UA Data Collector: Versions 1.04E and prior (CVE-2023-0286) MX OPC Server UA (Software packaged with MC Works64): Versions 3.05F and later (Packaged with MC Works64 Version 4.03D and later) (CVE-2022-4304) OPC UA Server Unit: All versions (CVE-2022-4304) FX5-OPC: Versions 1.006 and prior (CVE-2022-4304, CVE-2022-4450) 3.2 Vulnerability Overview 3.2.1 OBSERVABLE TIMING DISCREPANCY ...

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. “These packages, upon initial use, deploy a CoinMiner

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in

minaliC version 2.0.0 suffers from a denial of service vulnerability.

### Impact A potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to: * Deserialize Ion text encoded data, or * Deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. Impacted versions: <1.10.5 ### Patches The patch is included in `ion-java` >= 1.10.5. ### Workarounds Do not load data which originated from an untrusted source or that could have been tampered with. **Only load data you trust.** ---- If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to [[email protected]](mailto:[email protected]). Please do not create a public Git...