Piergiorgio Venuti

Joomla com_tag v1.7.6 – (tag) SQL Injection Vulnerability

Read More

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Backdoor.Win32.InfecDoor.17.c / Insecure Permissions June 28, 2022
    Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.InfecDoor.17.c Vulnerability: Insecure Permissions Description: The malware writes a ".420" settings file type to c drive granting change (C) permissions to the authenticated user group. Standard users can...
  • Trojan-Mailfinder.Win32.VB.p / Insecure Permissions June 28, 2022
    Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Mailfinder.Win32.VB.p Vulnerability: Insecure Permissions Description: The malware writes a dir with multiple PE files to c drive granting change (C) permissions to the authenticated user group. Standard users can […]
  • Backdoor.Win32.Shark.btu / Insecure Permissions June 28, 2022
    Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Shark.btu Vulnerability: Insecure Permissions Description: The malware writes multiple PE files to c drive granting change (C) permissions to the authenticated user group. Standard users can rename the executable...
  • Yashma Ransomware Builder v1.2 / Insecure Permissions June 28, 2022
    Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Yashma Ransomware Builder v1.2 Vulnerability: Insecure Permissions Description: The malware creates PE files with insecure permissions when writing to c:\ drive, granting change (C) permissions to the authenticated user […]
  • AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine June 28, 2022
    Posted by chan chan on Jun 27Hi FullDisclosure, I would like to publish an exploit that I found on AnyDesk as follows. # Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine # Google Dork: [if applicable] # Date: 24/5/2022 # Exploit Author: Erwin Chan # […]
  • SEC-T CFP ongoing June 28, 2022
    Posted by Mattias Bååth via Fulldisclosure on Jun 27Hey all It's now less than two weeks to submit a talk to SEC-T 2022, at least if you want to be part of the first talk selection round (recommended) that we kick off July first. SEC-T is non-profit, non-corporate, two day, single track, con in Stockholm, […]
  • CFP No cON Name 2022 - Barcelona June 28, 2022
    Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27No cON Name 2022 - Barcelona ************************************ *****  Call For Papers        ****** ************************************ https://www.noconname.org/call-for-papers/ Exact place not disclosed until a few weeks before due celebration.     * INTRODUCTION The organization has  opened CFP proposals. No cON Name is the eldest Hacking and Security Conference in Span. […]
  • Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) June 21, 2022
    Posted by Onapsis Research via Fulldisclosure on Jun 21# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) ## Impact on Business Exposing the contents of a directory can lead to a disclosure of useful information for the attacker to devise exploits, such as creation times of files or […]
  • Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) June 21, 2022
    Posted by Onapsis Research via Fulldisclosure on Jun 21# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) ## Impact on Business Running unnecessary services, like a jetty webserver, may lead to increased surface area for an attack and also it unnecessarily exposes underlying vulnerabilities. ## Advisory Information - […]
  • Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad June 21, 2022
    Posted by Onapsis Research via Fulldisclosure on Jun 21# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad ## Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP […]

Customers

Newsletter