Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-4x5q-q7wc-q22p: Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability

### Impact The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. Further details are available in the references. ### Fixed Version * `1.3.3` ### References The issue was reported by Nozomi Networks Labs. Further details on the issue will soon be published and this advisory updated.

ghsa
Open in Source
#vulnerability#git#auth
What is Cracktivator software?

Learn about Talos' research into cracked versions of the Microsoft Windows operating system and applications. Discover why the use of cracktivator software is a growing trend.

The Fake Browser Update Scam Gets a Makeover

One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

CVE-2023-46007: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-3.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

CVE-2023-46006: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-2.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

CVE-2023-46005: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

CVE-2023-46004: Zerrr0_Vulnerability/Best Courier Management System 1.0/Arbitrary-File-Upload-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.

CVE-2023-45065: WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.

Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign

A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments. Dubbed Qubitstrike by Cado, the intrusion set utilizes Telegram API to exfiltrate cloud service provider credentials following a successful compromise. "The payloads for the Qubitstrike campaign are

TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments

Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky