Tag
#web
Gentoo Linux Security Advisory 202401-20 - A vulnerability has been found in QPDF which can lead to a heap-based buffer overflow. Versions greater than or equal to 10.1.0 are affected.
Gentoo Linux Security Advisory 202401-19 - Multiple vulnerabilities have been found in Opera, the worst of which can lead to remote code execution. Versions greater than or equal to 73.0.3856.284 are affected.
Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 6580-1 - It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Over 178,000 SonicWall firewalls exposed over the internet are exploitable through at least one of two security flaws that could potentially be exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security
The remote access trojan (RAT) known as Remcos RAT has been found propagating via webhards, disguised as adult-themed games, in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country. While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to file information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MOVITOOLS MotionStudio are affected: MOVITOOLS MotionStudio: Version 6.5.0.2 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 When the affected product processes XML information, unrestricted file access can occur. CVE-2023-6926 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER Esjay (@esj4y) working with Trend Micr...
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Integration Objects Equipment: OPC UA Server Toolkit Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to add content to the log file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of OPC UA Server Toolkit, an OPC library designed to allow creation of OPC DA, DX and HDA server software, are affected: OPC UA Server Toolkit: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER OUTPUT NEUTRALIZATION FOR LOGS CWE-117 Once an OPC UA client has successfully connected, OPCUAServerToolkit writes a log message containing the client's self-defined description field. CVE-2023-7234 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE...
Almost seven years after alleged FruitFly author Phillip Durachinsky’s arrest, Judge Solomon Oliver has ruled he’s incompetent to stand trial.
We found a Facebook scam that aims to redirect victims to sites promoting PUPs, adware, or other fraudulent sites.