Security
Headlines
HeadlinesLatestCVEs

Tag

#web

DiCal-RED 4009 Missing Authentication

DiCal-RED version 4009 provides a Telnet service on TCP port 23. This service grants access to an interactive shell as the system's root user and does not require authentication.

Packet Storm
Open in Source
#vulnerability#web#mac#linux#js#auth#telnet#wifi#ssl
OX App Suite Cross Site Scripting / Denial Of Service

OX App Suite frontend version 7.10.6-rev42 suffers from cross site scripting vulnerabilities. OX App Suite backend versions 7.10.6-rev61 and 8.22 suffer from a denial of service vulnerability.

OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting

OX App Suite frontend version 7.10.6-rev44 suffers from a cross site scripting vulnerability.

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of

Crime Complaints Reporting Management System 1.0 Shell Upload

Crime Complaints Reporting Management System version 1.0 suffers from a remote shell upload vulnerability.

CMSsite 1.0 Shell Upload

CMSsite version 1.0 suffers from a remote shell upload vulnerability.

Red Hat Security Advisory 2024-5446-03

Red Hat Security Advisory 2024-5446-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

CMS RIMI 1.3 Cross Site Request Forgery / File Upload

CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem.

Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform

Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn’t it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is