Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Transport Management System 1.0 Code Injection

Transport Management System version 1.0 suffers from a PHP code injection vulnerability.

Packet Storm
#vulnerability#web#windows#google#git#php#auth#firefox
ManageEngine ADManager 7183 Password Hash Disclosure

ManageEngine ADManager version 7183 suffers from a password hash disclosure vulnerability.

fastrpc_mmap_find Information Leak

An incorrect searching algorithm in fastrpc_mmap_find can lead to kernel address space information leaks.

Android qrtr_bpf_filter_detach Double-Free / Use-After-Free

There appears to be some (possibly deprecated) code associated with AF_QIPCRTR sockets in bpf_service.c. Within this file are some ioctl handlers - e.g. qrtr_bpf_filter_attach and qrtr_bpf_filter_detach. In the case of qrtr_bpf_filter_detach, the global pointer bpf_filter is fetched and freed while only holding a socket lock (and an irrelevant rcu_read_lock) - this may lead directly to double frees or use-after-free (kernel memory corruption) if a malicious user is able to call the QRTR_DETTACH_BPF ioctl on multiple AF_QIPCRTR sockets at once. Based on Android SELinux files, it appears this may be possible from some lower-privileged vendor and HAL services.

Criminals Are Testing Their Ransomware Campaigns in Africa

The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors but also cybercriminals.

Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack

Internet infrastructure provider Cloudflare fends off a massive 3.8 Tbps DDoS attack, surpassing the previous record. Learn how…

How to Get Going with CTEM When You Don't Know Where to Start

Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

ABB Cylon Aspect 3.07.02 (downloadDb.php) Authenticated File Disclosure

The building management system suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'downloadDb.php' script is not properly verified before being used to download database files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.