Tag: #web
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific
Mac users should be aware of an active distribution campaign via malicious ads delivering Atomic Stealer. The latest iteration of the malware is stealthy thanks to added encryption and obfuscation of its code.
By Waqas. In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not… (Original post on HackRead.com: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats)
### Summary

An authenticated user who lacks the relevant permission can access the back-office orders list and query the information it returns.

### Details

Permissions do not appear to be enforced on the `admin/ecommerceframework/admin-order/list` endpoint, so an authenticated user without the corresponding permission can reach it and query the data exposed there. The access-control check seems to be missing here: <https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98>

__Note__: Testing this vulnerability requires a fully configured e-commerce website, but the endpoint looks vulnerable: requesting it returns data, and nothing in the source appears to validate permissions for this endpoint.

### PoC

To reproduce the issue, follow these steps:

1. As an administrator:
   a. Create a role without an...
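To turn the advisory's observation into a repeatable check, the following is an added Python probe; it is not Pimcore's code and not the advisory's own PoC. It assumes the operator supplies a session cookie for a user whose role lacks the order-list permission, that a fixed installation answers 401/403 or redirects to the login page, and that an exposed response is JSON carrying a `data` list (the response shape is an assumption, the endpoint path is the one named in the advisory).

```python
"""Probe whether the Pimcore back-office order-list endpoint enforces permissions.

Added illustration for the advisory above, not Pimcore's code.  Assumptions not
stated on the page: a fixed install returns 401/403 or redirects to the admin
login, and an exposed response is JSON with a "data" list.
"""
import json
import sys
import urllib.error
import urllib.request

ENDPOINT = "admin/ecommerceframework/admin-order/list"  # path from the advisory


def classify(status: int, content_type: str, body: bytes) -> str:
    """Interpret one response to the order-list endpoint.

    Returns "exposed" when order records came back, "denied" when access control
    fired, "redirect" for a 3xx (typically the login page), "unknown" otherwise.
    """
    if status in (401, 403):
        return "denied"
    if status in (301, 302, 303, 307, 308):
        return "redirect"
    if status == 200 and "json" in content_type.lower():
        try:
            payload = json.loads(body.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return "unknown"
        # Assumed response shape: an object whose "data" member is the record
        # list.  Even an empty list counts as exposure, because a user without
        # the permission should never reach the handler at all.
        if isinstance(payload, dict) and isinstance(payload.get("data"), list):
            return "exposed"
    return "unknown"


def probe(base_url: str, cookie_header: str, timeout: float = 10.0) -> str:
    """Send one GET with the supplied session cookie and classify the answer.

    Needs network access; the offline tests exercise classify() only.
    """
    url = base_url.rstrip("/") + "/" + ENDPOINT
    req = urllib.request.Request(
        url, headers={"Cookie": cookie_header, "Accept": "application/json"}
    )

    # Do not follow redirects: a 302 to the login page means the session was
    # not accepted, which must not be confused with a permission denial.
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("Content-Type", ""), resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Content-Type", ""), err.read())


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py https://shop.example 'cookie-name=session-value'")
    print(probe(sys.argv[1], sys.argv[2]))
```

Run it once with a cookie from a restricted user: "exposed" reproduces the advisory, "denied" means the permission check is in place, and "redirect" means the session itself was not accepted, so the cookie has to be refreshed before the result says anything about authorization.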
Gentoo Linux Security Advisory 202401-14 - A denial of service vulnerability has been found in RedCloth. Versions prior to 4.3.2-r5 are affected; 4.3.2-r5 and later contain the fix.
Gentoo Linux Security Advisory 202401-13 - Multiple denial of service vulnerabilities have been found in FAAD2. Versions prior to 2.11.0 are affected; 2.11.0 and later contain the fix.
PSOProxy version 0.5 suffers from a denial of service vulnerability.
Backdoor.Win32 Carbanak (Anunak) malware creates eight named pipes used for C2 and interprocess communication and grants the Everyone group read/write access to them, so any local user can interact with the implant through those pipes.
Red Hat Security Advisory 2024-0101-03 - Red Hat build of Keycloak 22.0.8 is now available from the Customer Portal. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0100-03 - A security update is now available for Red Hat build of Keycloak 22.0.8 images running on OpenShift Container Platform. Issues addressed include an open redirection vulnerability.
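The two Keycloak advisories above name an open redirection flaw without describing it. As an added illustration of the control such a bug lacks, here is a strict redirect-target validator in Python; it is not Keycloak's code and does not reproduce the specific issue fixed there. The allowlist, hostnames and sample targets are constructed for this example.

```python
"""Strict redirect-target validation: the check an open-redirect bug is missing.

Added illustration, not Keycloak's code.  The allowlist and every hostname
below are constructed for the example.
"""
import posixpath
from urllib.parse import urlsplit

# Exact (scheme, host, port) origins and the path prefixes permitted under each.
# Constructed allowlist; a deployment would load this from configuration.
ALLOWED_REDIRECTS = {
    ("https", "app.example.com", 443): ("/",),
    ("https", "shop.example.com", 443): ("/checkout/", "/account/"),
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _normalize_path(path: str) -> str:
    """Collapse ./ and ../ so a prefix check cannot be bypassed by traversal."""
    if not path:
        return "/"
    norm = posixpath.normpath(path)
    # normpath drops a trailing slash; keep it so "/checkout/" stays a directory
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def _path_allowed(path: str, prefixes) -> bool:
    norm = _normalize_path(path)
    for prefix in prefixes:
        if prefix == "/" or norm == prefix.rstrip("/") or norm.startswith(prefix):
            return True
    return False


def is_safe_redirect(target: str) -> bool:
    """True only for a same-site relative path or an allowlisted absolute URL."""
    # Control characters enable header injection; backslashes are treated as
    # slashes by browsers, which turns "/\evil" into a scheme-relative URL.
    if not target or any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative path: exactly one leading slash ("//host" is scheme-relative)
        return target.startswith("/") and not target.startswith("//")
    scheme = parts.scheme.lower()
    host = parts.hostname  # lower-cased by urlsplit, None when absent
    if scheme != "https" or not host or "@" in parts.netloc:
        return False
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # non-numeric port
        return False
    prefixes = ALLOWED_REDIRECTS.get((scheme, host, port))
    if prefixes is None:
        return False
    return _path_allowed(parts.path, prefixes)


def redirect_target(requested: str, fallback: str = "/") -> str:
    """Return the requested target if it is safe, otherwise a fixed fallback."""
    return requested if is_safe_redirect(requested) else fallback
```

The important design choices are the exact-origin match (host, scheme and port, never a substring or suffix test), path normalisation before the prefix comparison, and the explicit rejection of userinfo, backslashes and scheme-relative targets, each of which is a classic way to slip a foreign host past a naive `startswith` check.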