#apple

Hermit spyware is deployed with the help of a victim’s ISP

A new commercial spyware for governments, called Hermit, has spotted in the wild. It affects iOS and all Android versions. The post Hermit spyware is deployed with the help of a victim’s ISP appeared first on Malwarebytes Labs.

3 years ago

Malwarebytes

Open in Source

#vulnerability #ios #android #apple #google #git #asus #auth #zero_day

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an

3 years ago

The Hacker News

Open in Source

#vulnerability #web #ios #mac #apple #linux #auth #zero_day #chrome #The Hacker News

Can Zero-Knowledge Crypto Solve Our Password Problems?

Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.

3 years ago

DARKReading

Open in Source

#web #mac #apple #google #microsoft #amazon #git #auth

CVE-2022-32995: There is an ssrf vulnerability in the template remote download function in halo cms v1.5.3 in halo-dev/halo · Issue #2 · zongdeiqianxing/cve-reports

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.

3 years ago

CVE

Open in Source

#vulnerability #web #windows #apple #js #git #java #ssrf #auth #chrome #webkit

CVE-2022-32994: Halo cms v1.5.3 has an arbitrary format file upload vulnerability at /api/admin/attachments/upload · Issue #1 · zongdeiqianxing/cve-reports

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.

3 years ago

CVE

Open in Source

#vulnerability #web #windows #apple #js #git #java #auth #chrome #webkit

CVE-2022-31092: [Security] SQL Injection in Data Hub GraphQL by mcop1 · Pull Request #12444 · pimcore/pimcore

Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue.

3 years ago

CVE

Open in Source

#sql #apple #git #perl

Library Management System With QR Code 1.0 SQL Injection

Library Management System with QR Code version 1.0 suffers from a remote SQL injection vulnerability.

3 years ago

Packet Storm

Open in Source