Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

hyiplab 2.1 Default Credentials

hyiplab version 2.1 leaves a default set of administrative credentials installed post installation.

Packet Storm
Open in Source
#vulnerability#windows#google#auth#firefox
Esg 2.5 SQL Injection

Esg version 2.5 suffers from a remote SQL injection vulnerability.

Code Bakers 1.0 SQL Injection

Code Bakers version 1.0 suffers from a remote SQL injection vulnerability.

Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade

New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh sophisticated campaign, but also to an activity cluster that first came to light in May 2016. "While the

CVE-2022-0010

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. The issue, tracked as CVE-2023-32784, impacts KeePass versions 2.x for Windows, Linux, and macOS, and is expected to be patched in version 2.54, which is likely to be released early

CVE-2023-32336: Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability (CVE-2023-32336)

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.

A week in security (May 15-21)

Categories: News Tags: Week in security Tags: May 2023 The most interesting security-related news of the week from May 15-21. (Read more...) The post A week in security (May 15-21) appeared first on Malwarebytes Labs.

CVE-2021-46888: Release 1.23 · simonmichael/hledger

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.