Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Screen SFT DAB 600/C Authentication Bypass / Account Creation

Screen SFT DAB 600/C suffers from a weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is binded to the Session ID, one needs to await for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.

Packet Storm
Open in Source
#vulnerability#web#ios#linux#js#git#php#bios#auth
Debian Security Advisory 5403-1

Debian Linux Security Advisory 5403-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

CVE-2023-31614: virtuoso *crashed* after running a SELECT statement · Issue #1117 · openlink/virtuoso-opensource

An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

TinyWebGallery 2.5 Cross Site Scripting

TinyWebGallery version 2.5 suffers from a persistent cross site scripting vulnerability.

Debian Security Advisory 5402-1

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Epson Stylus SX510W Denial Of Service

Epson Stylus SX510W suffers from a power off denial of service vulnerability.

Siemens SIMATIC S7-1200 Cross Site Request Forgery

Siemens SIMATIC S7-1200 CPU start/stop command cross site request forgery exploit. This older issue elaborates on t4rkd3vilz's CVE-2015-5698 by issuing a POST command to a specified web server path.

New Ransomware Gang RA Group Hits U.S. and South Korean Organizations

A new ransomware group known as RA Group has become the latest threat actor to leverage the leaked Babuk ransomware source code to spawn its own locker variant. The cybercriminal gang, which is said to have been operating since at least April 22, 2023, is rapidly expanding its operations, according to cybersecurity firm Cisco Talos. "To date, the group has compromised three organizations in the

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems

A new ransomware-as-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News. "This trend is especially noteworthy given the fact that ESXi

CVE-2023-32784: KeePass / Discussion / Open Discussion: Security

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.