
Tag

#windows

Bang Resto 1.0 Cross Site Scripting

Bang Resto version 1.0 suffers from a cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #web #windows #apache #js #git #php #auth #firefox
CVE-2023-27755: go-bbs has an arbitrary file download vulnerability · Issue #10 · gobbscom/go-bbs

go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download.

Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight

Good tools gone bad.

Malwarebytes Labs
Categories: Business

Update Chrome now! Google patches actively exploited flaw

Google has released an updated version of Chrome to address a zero-day flaw that is being exploited in the wild.

Malwarebytes Labs
Categories: Exploits and vulnerabilities, News
Tags: Google, Chrome zero-day, CVE-2023-2033, V8 flaw, V8

Fake Chrome updates spread malware

We take a look at a slew of hacked websites pushing fake Chrome updates which are Monero miner malware in disguise.

Malwarebytes Labs
Categories: News
Tags: chrome, browser, update, fake, malware, monero, miner, cryptocurrency, rogue, hacked, compromised, site, website

10 Best Zippyshare Alternatives – Best File Sharing Services

By Waqas. Zippyshare is no longer available after the service announced its shutdown on March 30th, 2023. This is a post from HackRead.com.

A week in security (April 10 - 16)

The most interesting security related news from the week of April 10 - 16.

Malwarebytes Labs
Categories: News
Tags: Lock and Code S04E09, Bennett Cyphers, Apple vulnerability, phone charging station, FBI, Yum! Brands, KFC, Pizza Hut, Patch Tuesday, sextortion, malvertising, Weebly, AI, virtual kidnapping, ransomware review, ransomware in the UK, ransomware in France

CVE-2022-30076: ENTAB ERP 1.0 Information Disclosure ≈ Packet Storm

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

CVE-2022-28353: MyBB External Redirect Warning 1.3 Cross Site Scripting ≈ Packet Storm

In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.

CVE-2023-2101: mogu_blog_v2-FileRestApi#uploadPicsByUrl has an SSRF vulnerability · Issue #97 · moxi624/mogu_blog_v2

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.