[webapps] WordPress Plugin Domain Check 1.0.16 – Reflected Cross-Site Scripting (XSS) (Authenticated)
Wordpress Plugin Download Monitor WordPress V 4.4.4 – SQL Injection (Authenticated)
Fetch Softworks Fetch FTP Client 5.8 – Remote CPU Consumption (Denial of Service)
uBidAuction v2.0.1 – ‘Multiple’ Cross Site Scripting (XSS)
Mozilla Firefox 67 – Array.pop JIT Type Confusion
Wordpress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated)
This Python script can be used to bypass IP source restrictions using HTTP headers. Features: 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detection of the most successful bypasses. Usage $ ./ipsourcebypass.py -h…
Developers of Samba, the free SMB networking protocol, have issued a security update that patches one very high rating vulnerability in the VFS module vfs_fruit.
Categories: Exploits and vulnerabilities. Tags: cve-2022-44142, CVSS, Netatalk, samba, SMB, vfs_fruit
The post Samba patches critical vulnerability that allows remote code execution as root appeared first on Malwarebytes Labs.
A yet unnamed Android malware is spotted in Google’s Play Store. After profiling its target, it drops Vultur, a newish RAT.
Categories: Android. Tags: “2FA Authenticator”, Android dropper, android malware, BRATA, Brunhilda, C2, command & control, Google Play Store, ngrok, Pradeo, Project Brunhilda, ThreatFabric, virtual network computing, vnc, vultur
The post Duo of Android dropper and payload target certain countries and app users appeared first on Malwarebytes Labs.
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persisten…