Security Affairs newsletter Round 335
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
This tool allows you to statically analyze Windows, Linux, OSX executables and APK files. You can get: What DLL files are used. Functions...
ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers...
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by...
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released...
Summary: A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a...
Summary: ** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for...
Summary: A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. Reference...
Summary: axios is vulnerable to Inefficient Regular Expression Complexity Reference Links(if available): https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E CVSS Score (if...
Summary: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue...
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security...
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews...
AF-ShellHunter: Auto shell lookup. AF-ShellHunter is a script designed to automate the search of WebShells in AF Team. How to: pip3 install -r...
American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio...
It’s that time of year again! This means it’s the season for Halloween, Oktoberfest, and HACKTOBERFEST! So what is Hacktoberfest?...
Mozilla is trying a novel experiment into striking a balance between ad revenue generation and privacy protection by implementing a...
Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft...
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process...
Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro...
Summary: Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view...
Summary: A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because...
Summary: A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings...
Summary: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. Reference...
Summary: Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights...