Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Concrete CMS 9.1.3 XPATH Injection

Concrete CMS version 9.1.3 suffers from an XPATH injection vulnerability.

Packet Storm
Open in Source
#vulnerability#web#mac#windows#apple#google#apache#js#git#php#xpath#auth#chrome#webkit#ssl
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature

The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.

The Hunt for the Kingpin Behind AlphaBay, Part 6: Endgame

With AlphaBay shuttered, Operation Bayonet enters its final phase: driving the site’s refugees into a giant trap. But one refugee hatched his own plan.

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies (Present & Past): Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently has 2,000 tabs open

Is MFA the Vegetable of Cybersecurity?

Don’t fuss now — just another spoonful of multifactor authentication to keep the organization strong and the data safer.

CVE-2022-24190: Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction.

GHSA-jf2p-4gqj-849g: Temporary File Information Disclosure vulnerability in MPXJ

### Impact On Unix-like operating systems (not Windows or macos), MPXJ's use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ. ### Patches The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes. ### Workarounds Setting `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files. ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/joniles/mpxj

Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign

More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.