Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

Packet Storm
Open in Source
#vulnerability#web#windows#microsoft#redis#git#java#auth
InstantCMS 2.16.1 Cross Site Scripting

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.

1 in 5 Youth Engage in Cybercrime, NCA Finds

By Waqas One in five children aged 10-16 in the UK have engaged in online activities that violate the Computer Misuse Act, NCA has revealed. This is a post from HackRead.com Read the original post: 1 in 5 Youth Engage in Cybercrime, NCA Finds

WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

Exploring the Phenomenal Rise of Ethereum as a Digital Asset

By Uzair Amir In this exploration, we delve into the multifaceted layers of Ethereum’s meteoric rise, dissecting the technological breakthroughs, the… This is a post from HackRead.com Read the original post: Exploring the Phenomenal Rise of Ethereum as a Digital Asset

GHSA-4265-ccf5-phj5: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

GHSA-5jjq-8cvj-v6m9: Cross-site Scripting in Serenity

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data

By Waqas Deja vu at Robert Half? Notorious hackers claim responsibility as the staffing giant makes headlines for yet another alleged data breach in two years. This is a post from HackRead.com Read the original post: Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data

GHSA-7f2v-5877-rx3x: Code injection in REDAXO

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.

GHSA-8hp3-rmr7-xh88: Open Redirect in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.