Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel. 5 vulnerabilities with signs of exploitation in the wild: 🔻 Remote Code Execution – CUPS (CVE-2024-47176) and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks🔻 Remote Code Execution – Mozilla Firefox (CVE-2024-9680) […]

Alexander V. Leonov
Open in Source
#xss#vulnerability#linux#dos#java#rce#firefox#blog
Chinese Researchers Tap Quantum to Break Encryption

But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.

GHSA-37gm-h5wr-pf25: Path traversal in redaxo

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

GHSA-7c4c-749j-pfp2: Admidio Vulnerable to HTML Injection In The Messages Section

### Summary An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. ### PoC 1. Go to https://www.admidio.org/demo_en/adm_program/modules/messages/messages.php 2. Click on Send Private Message 3. In the `Message` field, enter the following payload `Testing<br><h1>HTML</h1><br><h2>Injection</h2>` > ![image](https://github.com/user-attachments/assets/0e5d9e4e-69c5-4908-9ab9-0c45c2548ff8) 4. Send the message 5. Open the message again > ![image](https://github.com/user-attachments/assets/d36f1b64-7d96-486d-ab65-cce2b7d21428) ### Impact 1. Data Theft: Stealing sensitive information like cookies, session tokens, and user credentials. 2. Session Hijacking: Gaining unauthorized access to user accounts. 3. Phishing: Tricking users into revealing sensitive information. 4. Website Defacement: Altering the appearance or content of the website. 5. Malware Distribution: Spreading malware to users' devices. 6. Denial of Service (DoS): Ov...

Hybrid Work Exposes New Vulnerabilities in Print Security

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.

Cyber Gangs Aren't Afraid of Prosecution

Challenges with cybercrime prosecution are making it easier for attackers to act with impunity. Law enforcement needs to catch up.

New Tool DVa Detects and Removes Android Malware

Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…

BYOB Unauthenticated Remote Code Execution

This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation page. These vulnerabilities remain unpatched.

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.