Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Senayan Library Management System 9.5.1 SQL Injection

Senayan Library Management System version 9.5.1 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#windows#apple#apache#js#git#java#php#auth#chrome#webkit#ssl
Fake Windows Crypto Apps Spreading AppleJeus Malware

By Deeba Ahmed The infamous North Korean state-backed Lazarus hacking group is using AppleJeus malware to steal crypto funds from Windows users. This is a post from HackRead.com Read the original post: Fake Windows Crypto Apps Spreading AppleJeus Malware

CVE-2022-46464: CVE-nu11secur1ty/vendors/concretecms.org/2022/concretecms-9.1.3 at main · nu11secur1ty/CVE-nu11secur1ty

ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".

CVE-2022-45990: CVE-nu11secur1ty/vendors/winston-dsouza/ecommerce-website at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.

CVE-2022-45769: CVE-nu11secur1ty/vendors/clicshopping.org/2022/ClicShopping_V3 at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter.

CVE-2022-45020: CVE-nu11secur1ty/vendors/rukovoditel.net/2022/rukovoditel-3.2.1 at main · nu11secur1ty/CVE-nu11secur1ty

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Categories: News Categories: Threats Tags: Lazarus Tags: APT38 Tags: AppleJeus Tags: sideloading Tags: BloxHolder Researchers have found a new Lazarus campaign, once again targeting cryptocurrency users and organizations by deploying a fake website and malicious documents. (Read more...) The post Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware appeared first on Malwarebytes Labs.

Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25

Categories: Podcast This week on Lock and Code, we explore why security advisories—which businesses rely on to inform them about security patches—are falling short of their intended goals. (Read more...) The post Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25 appeared first on Malwarebytes Labs.

North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents,"

CVE-2022-4280: Vulnerability/Information leakage vulnerability exists in findUser, a smart campus system developed by Dot Tech.md at main · Peanut886/Vulnerability

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.