Security
Headlines
HeadlinesLatestCVEs

Tag

#git

ICANN Launches Service to Help With WHOIS Lookups

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

Krebs on Security
Open in Source
#web#git#blog
CVE-2023-48859: security_research/TOTOLINK-A3002RU-RCE.md at main · xieqiang11/security_research

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.

Winter CMS 1.2.2 Server-Side Template Injection

Winter CMS version 1.2.2 suffers from a server-side template injection vulnerability.

CE Phoenixcart 1.0.8.20 Shell Upload

CE Phoenixcart version 1.0.8.20 suffers from a remote shell upload vulnerability.

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like

Scaling Security Operations with Automation

In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate

Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

By Waqas November 2023 has emerged as the most devastating year for crypto users and the most lucrative for cybercriminals and malicious hackers, as the majority of crypto hacks occurred during that month. This is a post from HackRead.com Read the original post: Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

GHSA-63cv-4pc2-4fcf: Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.

GHSA-7664-hcp7-f497: Mattermost Injection vulnerability

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.

CVE-2023-48849: GitHub - delsploit/CVE-2023-48849

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.