Read Time:3 Second
Software supply chain attacks realize researchers’ worst fears
Attackers Steal $618m From Crypto Firm
USN-5354-1: Twisted vulnerabilities
Read Time:20 Second
It was discovered that Twisted incorrectly filtered HTTP headers when clients
are being redirected to another origin. A remote attacker could use this issue
to obtain sensitive information. (CVE-2022-21712)
It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)
Post Title
Read Time:31 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
CVE-2020-24771
Read Time:5 Second
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
CVE-2020-24770
Read Time:7 Second
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2020-24769
Read Time:7 Second
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
CVE-2015-3298
Read Time:11 Second
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.
What is Shodan? The search engine for everything on the internet
Read Time:37 Second
Shodan is a search engine for everything on the internet — web cams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that’s plugged into the internet (and often shouldn’t be). Google and other search engines, by comparison, index only the web.
The best way to understand what Shodan does is to read founder John Matherly’s book on the subject. The basic algorithm is short and sweet:
1. Generate a random IPv4 address
2. Generate a random port to test from the list of ports that Shodan understands
3. Check the random IPv4 address on the random port and grab a banner
4. Goto 1
[KIS-2022-05] Joomla! <= 4.1.0 (Tar.php) Zip Slip Vulnerability
Read Time:18 Second
Posted by Egidio Romano on Mar 29
————————————————-
Joomla! <= 4.1.0 (Tar.php) Zip Slip Vulnerability
————————————————-
[-] Software Link:
[-] Affected Versions:
Version 4.1.0 and prior versions.
Version 3.10.6 and prior versions.
[-] Vulnerability Description:
The vulnerability is located in the
/libraries/vendor/joomla/archive/src/Tar.php script. Specifically, into
the…