Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Cacti pollers.php SQL Injection / Remote Code Execution

This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.

Packet Storm
Open in Source
#sql#csrf#vulnerability#web#windows#linux#git#php#rce#xpath#auth
runc 1.1.11 File Descriptor Leak Privilege Escalation

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

SISQUAL WFM 7.1.319.103 Host Header Injection

SISQUAL WFM version 7.1.319.103 suffers from a host header injection vulnerability.

Gentoo Linux Security Advisory 202402-02

Gentoo Linux Security Advisory 202402-2 - A vulnerability has been discovered in SDDM which can lead to privilege escalation. Versions greater than or equal to 0.18.1-r6 are affected.

MISP 2.4.171 Cross Site Scripting

MISP version 2.4.171 suffers from a persistent cross site scripting vulnerability.

Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam

By Deeba Ahmed The incident took place in Hong Kong; however, the name of the targeted company is still unknown. This is a post from HackRead.com Read the original post: Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam

Synthetic Solutions: Redefining Cybersecurity Through Data Generation in the Face of Hacking

By Owais Sultan Cybersecurity is a constant battleground where hackers continuously devise new strategies to breach defences, jeopardizing sensitive information and… This is a post from HackRead.com Read the original post: Synthetic Solutions: Redefining Cybersecurity Through Data Generation in the Face of Hacking

Combined Security Practices Changing the Game for Risk Management

A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks

2054, Part I: Death of a President

“They had, quite swiftly, begun an algorithmic scrub of any narrative of the president suffering a health emergency, burying those stories.” An exclusive excerpt from 2054: A Novel.

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary