Tag

#windows

CVE-2022-47853: ttt/16 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to command injection in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

MIMEDefang Email Scanner 3.3

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It can also do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

LISTSERV 17 Insecure Direct Object Reference

LISTSERV version 17 suffers from an insecure direct object reference vulnerability that allows illicit access to a target's profile.

LISTSERV 17 Cross Site Scripting

LISTSERV version 17 suffers from a cross site scripting vulnerability.

Active Matrimonial CMS 3.5 Insecure Settings

Active Matrimonial CMS version 3.5 appears to leave a default administrative account in place post installation.

Yazilimi Jettweb 3 Cross Site Scripting

Yazilimi Jettweb version 3 suffers from a cross site scripting vulnerability.

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed

Google Ads Malware Wipes NFT Influencer’s Crypto Wallet

By Habiba Rashid. NFT influencer @NFT_GOD downloaded malware through Google Ads while attempting to download OBS, an open-source video streaming software. This is a post from HackRead.com.

CVE-2023-22298: GitHub - pgadmin-org/pgadmin4: pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – were uploaded by the author between January 7, 2023, and January 12, 2023. They have since been