Read Time:9 Second
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
Category Archives: Advisories
CVE-2020-14321
Read Time:9 Second
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVE-2020-14322
Read Time:11 Second
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
CVE-2020-14379
Read Time:9 Second
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker’s configuration files, leading to denial of service and information disclosure.
CVE-2020-1755
Read Time:11 Second
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user’s IP, in order to bypass remote address checks.
CVE-2020-1756
Read Time:9 Second
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
rsync-3.2.5-1.fc36
Read Time:9 Second
FEDORA-2022-25e4dbedf9
Packages in this update:
rsync-3.2.5-1.fc36
Update description:
New version 3.2.5
Fix for CVE-2022-29154, CVE-2022-37434
rsync-3.2.5-1.fc35
Read Time:9 Second
FEDORA-2022-15da0cf165
Packages in this update:
rsync-3.2.5-1.fc35
Update description:
New version 3.2.5
Fix for CVE-2022-29154, CVE-2022-37434
Win32.Ransom.BlueSky / Arbitrary Code Execution
Read Time:20 Second
Posted by malvuln on Aug 15
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Win32.Ransom.BlueSky
Vulnerability: Arbitrary Code Execution
Description: The BlueSky ransomware looks for and executes arbitrary DLLs
in its current working directory. Therefore, we can hijack a vuln DLL,
execute our own code, control…
Zyxel IPC 3605N & 4605N / Remote shell access
Read Time:24 Second
Posted by Eric Urban on Aug 15
Hello everyone,
I have identified that the Zyxel IPC 3605N and 4605N IP based security
cameras have multiple flaws. Combining these together leads to the ability
for an attacker to remotely install root shell access on the device.
A web server installed for UPnP purposes allows the plaintext passwords to
be retrieved by anyone. This grants access to the web administration
interface. From there, a tarball can be downloaded, modified with a…