Security
Headlines
HeadlinesLatestCVEs

Tag

#google

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

ABIC Cardiology Management System version 1.0 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#windows#google#php#auth#firefox
Hospital Management System 1.0 Code Injection

Hospital Management System version 1.0 suffers from a code injection vulnerability.

Event Registration and Attendance System 1.0 Code Injection

Event Registration and Attendance System version 1.0 suffers from a code injection vulnerability.

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. "An attacker with command execution in a Pod running within an affected Azure Kubernetes Services cluster could download the configuration used to

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity

Web Browser Stored Credentials

Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading → Web Browser Stored Credentials

GHSA-4hh3-vj32-gr6j: Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

### Summary Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. ### Details Upon examining lines 183-192 of the `mobsf/StaticAnalyzer/views/common/shared_func.py` file, it is observed that there is a mitigation against Zip Slip attacks implemented as `a.decode('utf-8', 'ignore').replace('../', '').replace('..\\', '')`. However, this measure can be bypassed using sequences like `....//....//....//`. Since the replace operation is not recursive, this sequence is transformed into `../../../` after the replace operation, allowing files to be written to upper directories. <img width="448" alt="image" src="https://github.com/user-attachments/assets/fadf...

Lawyer CMS 1.6 Insecure Settings

Lawyer CMS version 1.6 suffers from an ignored default credential vulnerability.

Karya Online Shopping Portal 2.0 SQL Injection

Karya Online Shopping Portal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

JobSeeker CMS 1.5 Insecure Settings

JobSeeker CMS version 1.5 suffers from an ignored default credential vulnerability.