Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2022-24967: Corporate – BlackRainbow

Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).

CVE
Open in Source
#xss#web#google#git#intel#perl#auth#ssl
CVE-2022-28605: hardcoded on LinkPlay app

LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30034: Multiple Vulnerabilities in Flower and Downstream Attacks on Airflow

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

CVE-2021-34083: google-it/googleIt.js at v1.6.2 · PatNeedham/google-it

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE.

Is CSS Really Necessary for Responsive Web Design?

By Owais Sultan Is CSS a necessity for responsive web design? This article will help you find out if it really… This is a post from HackRead.com Read the original post: Is CSS Really Necessary for Responsive Web Design?

Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The

SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities

The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity

More than a quarter of Americans fell for robocall scam calls in past year

Robocalls and scam calls have been a longstanding problem. For 2021, the FTC has recorded its highest number of victims yet. The post More than a quarter of Americans fell for robocall scam calls in past year appeared first on Malwarebytes Labs.

TrustPid is another worrying, imperfect attempt to replace tracking cookies

German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies. The post TrustPid is another worrying, imperfect attempt to replace tracking cookies appeared first on Malwarebytes Labs.