Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the

The Hacker News
Open in Source
#web#mac#windows#microsoft#git#c++#auth#The Hacker News
CVE-2022-36734: bug_report/SQLi-24.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.

CVE-2022-36733: bug_report/SQLi-22.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.

CVE-2022-36735: bug_report/SQLi-23.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.

CVE-2022-36732: bug_report/SQLi-19.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php.

CVE-2022-36657: bug_report/XSS-1.md at main · z1pwn/bug_report

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.

CVE-2022-36731: bug_report/SQLi-21.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.

CVE-2022-36730: bug_report/SQLi-20.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php.

Nitrokod Crypto Miner Hiding in Fake Microsoft and Google Translate Apps

By Waqas Nitrokod crypto miner mines Monero (XMR) coin on infected devices and so far it has targeted 111,000 unsuspecting users in 11 countries. This is a post from HackRead.com Read the original post: Nitrokod Crypto Miner Hiding in Fake Microsoft and Google Translate Apps

GHSA-fcg8-mg9g-6hc4: .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can can cause a denial of service when HTML forms are parsed. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier. #### Affected packages **.NET Core 3.1** | Package name | Affected version | Patched version | |---------------------------------------------------|---------------------|---------------| | Microsoft.AspNetCore.App.Runtime.win-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=3.0.0,3....