Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Xitami 2.5 Denial Of Service

Xitami version 2.5 remote denial of service exploit.

Packet Storm
Open in Source
#vulnerability#web#windows#google#dos#git#perl
GHSA-jc7h-c423-mpjc: Apache Shiro vulnerable to path traversal

Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

GHSA-rxgg-273w-rfw7: Remote Code Execution vulnerability in Apache IoTDB via UDF

Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. “This surge in cyber attacks coincided

Unravelling Retirement Banking Scams and How To Protect Yourself

By Uzair Amir In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. Imagine a… This is a post from HackRead.com Read the original post: Unravelling Retirement Banking Scams and How To Protect Yourself

A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.” “A cloud

GHSA-32r3-57hp-cgfw: EverShop at risk to unauthorized access via weak HMAC secret

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.