Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

WordPress BackupBuddy 8.7.4.1 Arbitrary File Read

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability.

Packet Storm
Open in Source
#vulnerability#google#wordpress#php#aws#auth#ssh#zero_day
Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

FTPManager 8.2 Local File Inclusion / Directory Traversal

FTPManager version 8.2 suffers from local file inclusion and directory traversal vulnerabilities.

CVE-2022-36757: Xaomi Vuln – Google Drive

Xaomi Mi Browser v13.10.0-gn contains a vulnerability which allows attackers to execute arbitrary code via user interaction with a crafted URL.

CVE-2021-43565: [security] Vulnerability in golang.org/x/crypto/ssh

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

RHSA-2022:6347: Red Hat Security Advisory: VolSync 0.5 security fixes and updates

VolSync v0.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack e...

EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA

The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain attack.

CVE-2022-34883: Vulnerability Information: Hitachi Storage Solutions: Hitachi

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

CVE-2022-34883: Security information for Hitachi Disk Array Systems(September 6, 2022):Vulnerability Information:Storage Solutions:Hitachi

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday