#windows

Employee Management System 1.0 SQL Injection

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability.

1 year ago

#sql #vulnerability #web #mac #windows #apple #php #auth #chrome #webkit

GHSA-fq23-g58m-799r: Cross-site Scripting Vulnerability on Data Import

# Introduction This write-up describes a vulnerability found in [Label Studio](https://github.com/HumanSignal/label-studio), a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to `1.10.1` and was tested on version `1.9.2.post0`. # Overview [Label Studio](https://github.com/HumanSignal/label-studio) had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. This feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. # Description The following [code snippet in Label Studio](https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146) showed that is a URL passed the SSRF verification checks, the contents of the file would be downloaded using the filename in the URL. ```python def tasks_from_url(file_upload_ids, project, u...

1 year ago

ghsa

Open in Source

#xss #vulnerability #web #windows #git #java #ssrf #auth #ssl

Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.

1 year ago

TALOS

Open in Source

#vulnerability #web #mac #windows #microsoft #cisco #ddos #dos #git #intel #perl #samba #auth #ssh

Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend

1 year ago

The Hacker News

Open in Source

#web #mac #windows #microsoft #git #The Hacker News

PRTG Authenticated Remote Code Execution

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG.

1 year ago

Packet Storm

Open in Source

#csrf #vulnerability #web #windows #rce #auth #ssl

Solar FTP Server 2.1.2 Denial Of Service

Solar FTP Server version 2.1.2 remote denial of service exploit.

1 year ago

Packet Storm

Open in Source

#vulnerability #windows #google #dos #git #perl #auth

Microsoft got hacked by state sponsored group it was investigating

Microsoft has acknowledged a cyberattack by Russians state sponsored group Cozy Bear who, it says, was looking how much information Microsoft holds about Cozy Bear.

1 year ago

Malwarebytes

Open in Source

#windows #microsoft #intel

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity

1 year ago

The Hacker News

Open in Source

#windows #git #intel #backdoor #ruby #The Hacker News

EzServer 6.4.017 Denial Of Service

EzServer version 6.4.017 remote denial of service exploit.

1 year ago

Packet Storm

Open in Source

#vulnerability #windows #google #dos #git #perl #auth

Golden FTP Server 2.02b Denial Of Service

Golden FTP Server version 2.02b remote denial of service exploit.