
Tag

#firefox

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

A new information-stealing malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal

The Hacker News

Lucee 5.4.2.17 Cross Site Scripting

Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.

Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

DevSoft Arge Bilişim CMS 1.0.0 Cross Site Scripting

DevSoft Arge Bilişim CMS version 1.0.0 suffers from a cross site scripting vulnerability.

Desenvolvido Buscazip Guiaking CMS 1.0 Cross Site Scripting

Desenvolvido Buscazip Guiaking CMS version 1.0 suffers from a cross site scripting vulnerability.

Deprixa 3.2.5 SQL Injection

Deprixa version 3.2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Datoo Complete Dating Script 1.0 HTML Injection

Datoo Complete Dating Script version 1.0 suffers from an HTML injection vulnerability.

GHSA-2ggp-cmvm-f62f: ScanCode.io command injection in docker image fetch process

## Command Injection in docker fetch process

### Summary

A possible command injection in the docker fetch process: malicious commands can be appended through the `docker_reference` parameter.

### Details

In the function `scanpipe/pipes/fetch.py:fetch_docker_image`[1] the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`.

```python
def fetch_docker_image(docker_reference, to=None):
    """
    code snipped ....
    """
    platform_args = []
    platform = get_docker_image_platform(docker_reference)  # User controlled `docker_reference` passed
    """
    code snipped...
    """
```

However, the `get_docker_image_platform` function constructs a shell command from the passed `docker_reference`. `pipes.run_command` then executes that shell command without any prior sanitization, making the function vulnerable to command injection.

```python
def get_docker_image_platform(docker_refer...
```

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System