[webapps] WordPress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated)
CONTPAQi(R) AdminPAQ 14.0.0 – Unquoted Service Path
WordPress Plugin Post Grid 2.1.1 – Cross Site Scripting (XSS)
WordPress Plugin Product Slider for WooCommerce 1.13.21 – Cross Site Scripting (XSS)
WordPress Plugin Contact Form Check Tester 1.0.2 – Broken Access Control
PHP Unit 4.8.28 – Remote Code Execution (RCE) (Unauthenticated)
Huawei DG8045 Router 1.0 – Credential Disclosure
This Python script can be used to bypass IP source restrictions using HTTP headers. Features: 17 HTTP headers; multithreading; JSON export with --json outputfile.json; auto-detection of the most successful bypasses. Usage: $ ./ipsourcebypass.py -h…
Developers of Samba, the free SMB networking protocol, have issued a security update that patches a vulnerability with a very high severity rating in the VFS module vfs_fruit.
Categories: Exploits and vulnerabilities Tags: cve-2022-44142, CVSS, Netatalk, samba, SMB, vfs_fruit
The post Samba patches critical vulnerability that allows remote code execution as root appeared first on Malwarebytes Labs.
An as yet unnamed piece of Android malware has been spotted in Google’s Play Store. After profiling its target, it drops Vultur, a newish RAT.
Categories: Android Tags: “2FA Authenticator”, Android dropper, android malware, BRATA, Brunhilda, C2, command & control, Google Play Store, ngrok, Pradeo, Project Brunhilda, ThreatFabric, virtual network computing, vnc, vultur
The post Duo of Android dropper and payload target certain countries and app users appeared first on Malwarebytes Labs.