#git

CVE-2022-4343

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.

1 year ago

CVE

Open in Source

#git

CVE-2023-39685: java.lang.StringIndexOutOfBoundsException error caused by hjson parsing of untrusted JSON String · Issue #27 · hjson/hjson-java

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.

1 year ago

CVE

Open in Source

#vulnerability #dos #js #git #java #perl #maven

CVE-2023-41364: HOME - tine

In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.

1 year ago

CVE

Open in Source

#sql #git #php

CVE-2022-44349: CVEs/CVE-2022-44349 at main · MVRC-ITSEC/CVEs

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).

1 year ago

CVE

Open in Source

#xss #vulnerability #git

CVE-2023-4704: Misconfiguration in message sending function in icms2

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

1 year ago

CVE

Open in Source

#vulnerability #web #google #git

Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised

1 year ago

The Hacker News

Open in Source

#web #android #google #git #intel #auth #ssh #The Hacker News

New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report. The LNK file, upon

1 year ago

The Hacker News

Open in Source

#web #android #git #wordpress #The Hacker News

It's a Zero-day? It's Malware? No! It's Username and Password

As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This article explores the seriousness of compromised credentials, the challenges they present to security solutions, and the

1 year ago

The Hacker News

Open in Source

#web #mac #git #ldap #auth #zero_day #The Hacker News

GHSA-j2gj-g3p9-7mrr: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit `c9aa2eeb9` access tokens which fail validation are rejected.

1 year ago

ghsa

Open in Source

#git

GHSA-96gq-6ch5-mm54: usememos/memos vulnerable to improper input validation

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.

1 year ago

ghsa

Open in Source

#git

Tag

#git