Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2013-1916: Offensive Security’s Exploit Database Archive

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

CVE
Open in Source
#xss#vulnerability#web#windows#google#apache#wordpress#php#backdoor#auth
CVE-2013-1891: Full Disclosure: [waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1

In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.

CVE-2022-32990: Trigger a unhandled exception in GIMP 2.10.30 (#8230) · Issues · GNOME / GIMP

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).

CVE-2021-41639: Advisory and Exploitation: The MELAG FTP Server

MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.

Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

By Deeba Ahmed This newly discovered malware campaign is attributed to a Chinese hacking group called Tropic Trooper. Cybersecurity researchers at… This is a post from HackRead.com Read the original post: Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

International cybersecurity authorities have published a Cybersecurity Information Sheet on making it harder to abuse PowerShell The post Cybersecurity agencies: You don’t have to delete PowerShell to secure it appeared first on Malwarebytes Labs.

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora,

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

GHSA-5ww9-9qp2-x524: Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string.