#mac

CVE-2023-1409: [SERVER-77028] tlsClusterCAFile is not being used to validate client certificates on macOS

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.

1 year ago

CVE

Open in Source

#mac #windows #linux #mongo #ssl

G And G Corporate CMS 1.0 Cross Site Scripting

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

1 year ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

FreshRSS 1.11.1 HTML Injection

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

1 year ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. "It probably finds its way into victim organizations by its operators compromising vulnerable web servers or via brute forcing RDP credentials," ESET security researcher Jakub Souček said in a detailed technical write-up

1 year ago

The Hacker News

Open in Source

#web #mac #backdoor #The Hacker News

Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js, an API

1 year ago

The Hacker News

Open in Source

#web #mac #windows #nodejs #js #git #java #auth #ssh #The Hacker News

CVE-2023-39026: FileMage Gateway LFI

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.

1 year ago

CVE

Open in Source

#sql #vulnerability #mac #windows #auth #ssh #postgres

Luna Grabber Malware Hits Roblox Devs Through npm Packages

By Habiba Rashid The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,… This is a post from HackRead.com Read the original post: Luna Grabber Malware Hits Roblox Devs Through npm Packages

1 year ago

HackRead

Open in Source

#web #mac #windows #nodejs #js #git #java #ssh

CVE-2022-29654: Index of /pub/nasm/releasebuilds/2.15.05

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

1 year ago

CVE

Open in Source

#vulnerability #mac #windows #linux #dos #git #buffer_overflow

CVE-2020-22916: XZ Utils

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file.