ποΈ Introducing Ghostbuster β AWS security tool protects against dangling elastic IP takeovers ποΈ
π Read
via "The Daily Swig".
New defense against attacks that can cause more damage than other flavors of subdomain takeoverπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Introducing Ghostbuster β AWS security tool protects against dangling elastic IP takeovers
New defense against attacks that can cause more damage than other flavors of subdomain takeover
βΌ CVE-2022-0692 βΌ
π Read
via "National Vulnerability Database".
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.π Read
via "National Vulnerability Database".
π Collabfiltrator 2.1 π
π Read
via "Packet Storm Security".
Collabfiltrator is a tool to exfiltrate blind remote code execution output over DNS via Burp Collaborator.π Read
via "Packet Storm Security".
Packetstormsecurity
Collabfiltrator 2.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TestSSL 3.0.7 π
π Read
via "Packet Storm Security".
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.π Read
via "Packet Storm Security".
Packetstormsecurity
TestSSL 3.0.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenStego Free Steganography Solution 0.8.4 π
π Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).π Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-44142 βΌ
π Read
via "National Vulnerability Database".
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.π Read
via "National Vulnerability Database".
β Irony alert! PHP fixes security flaw in input validation code β
π Read
via "Naked Security".
What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...π Read
via "Naked Security".
Naked Security
Irony alert! PHP fixes security flaw in input validation code
Whatβs wrong with this sequence? 1. Step into the road 2. Check if itβs safe 3. Keep on walkiβ¦
β French cybercriminals using sextortion scams with no text or links β
π Read
via "Naked Security".
You'd spot this one a mile away... but what about your friends or family?π Read
via "Naked Security".
Naked Security
French speakers blasted by sextortion scams with no text or links
Youβd spot this one a mile awayβ¦ but what about your friends or family?
π1
βΌ CVE-2022-0708 βΌ
π Read
via "National Vulnerability Database".
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44568 βΌ
π Read
via "National Vulnerability Database".
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27796 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the Γ’β¬ΕuserΓ’β¬οΏ½ or Γ’β¬ΕfactoryΓ’β¬οΏ½ account, to read the contents of any file on the filesystem utilizing one of a few available binaries.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25599 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).π Read
via "National Vulnerability Database".
βΌ CVE-2022-23983 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).π Read
via "National Vulnerability Database".
βΌ CVE-2021-27755 βΌ
π Read
via "National Vulnerability Database".
"Sametime Android potential path traversal vulnerability when using File class"π Read
via "National Vulnerability Database".
βΌ CVE-2021-27797 βΌ
π Read
via "National Vulnerability Database".
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26256 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).π Read
via "National Vulnerability Database".
βΌ CVE-2021-27753 βΌ
π Read
via "National Vulnerability Database".
"Sametime Android PathTraversal Vulnerability"π Read
via "National Vulnerability Database".
βΌ CVE-2022-24295 βΌ
π Read
via "National Vulnerability Database".
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44141 βΌ
π Read
via "National Vulnerability Database".
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0564 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23984 βΌ
π Read
via "National Vulnerability Database".
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).π Read
via "National Vulnerability Database".