Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-24238: ttt/20 at main · Am1ngl/ttt

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

CVE
Open in Source
#vulnerability#web#windows#apple#chrome#webkit
CVE-2022-43969: Device Software Manager

Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published

New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East

Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected espionage-related campaign. Cybersecurity firms SentinelOne and QGroup are tracking the activity cluster under the former's work-in-progress moniker WIP26. "WIP26 relies heavily on public cloud infrastructure in an attempt to evade detection by making

CVE-2020-21120: SQL Injection Prevention - OWASP Cheat Sheet Series

SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.

CVE-2021-38239: [Bug]SQL Injection · Issue #510 · dataease/dataease

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

CVE-2023-22855: CVE-2023-22855/advisory.md at main · patrickhener/CVE-2023-22855

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.

New MortalKombat Ransomware Attack Aiming for Crypto Wallets

By Habiba Rashid Hackers are deploying the MortalKombat ransomware and Laplas Clipper malware in a financially motivated campaign against victims worldwide. This is a post from HackRead.com Read the original post: New MortalKombat Ransomware Attack Aiming for Crypto Wallets

CVE-2022-47507: SolarWinds Platform 2023.1 Release Notes

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2023-23836: SolarWinds Trust Center Security Advisories | CVE-2023-23836

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.