Allgemeine News
-
Lumma Stealer statt KI-App: Malware befällt Windows und macOS
Nov 17, 2024 | 10:43 amVorsicht vor falschen KI-Tools wie EditProAI: Lumma Stealer bedroht Windows und macOS. So erkennt und vermeidet ihr die gut getarnte Malware.Der Artikel Lumma Stealer statt KI-App: Malware befällt Windows und macOS erschien zuerst auf TARNKAPPE.INFO
Read more... -
Unreal und Unreal Tournament: Epic Games-Shooter gratis auf Internet Archive verfügbar
Nov 16, 2024 | 19:55 pmEpic Games hat sein Einverständnis gegeben, dass Internet Archive ihre Shooter-Spiele Unreal und Unreal Tournament hosten kann.Der Artikel Unreal und Unreal Tournament: Epic Games-Shooter gratis auf Internet Archive verfügbar erschien zuerst auf TARNKAPPE.INFO
Read more... -
WhatsApp als Einfallstor: Pegasus ist nur eine Nachricht entfernt
Nov 16, 2024 | 00:18 amDokumente aus einem Gerichtsverfahren zwischen der NSO Gruppe und WhatsApp erlauben einen Blick hinter die Kulissen.Der Artikel WhatsApp als Einfallstor: Pegasus ist nur eine Nachricht entfernt erschien zuerst auf TARNKAPPE.INFO
Read more... -
Streaming-Dienst Magis TV: Anbieter wegen illegalem Vertrieb und Cyberangriffen verhaftet
Nov 15, 2024 | 15:43 pmAnbieter des illegalen TV-Streaming-Dienstes Magis TV stehen im Verdacht, auch Schadsoftware in die Anwendung integriert zu haben.Der Artikel Streaming-Dienst Magis TV: Anbieter wegen illegalem Vertrieb und Cyberangriffen verhaftet erschien zuerst auf TARNKAPPE.INFO
Read more... -
Facebook muss zahlen: Fast eine Milliarde Strafe wegen Marketplace
Nov 15, 2024 | 06:22 amFast 800 Millionen Euro EU-Strafe für den Social-Media-Riesen Facebook und seinen Marketplace. Meta kündigt rechtliche Schritte an.Der Artikel Facebook muss zahlen: Fast eine Milliarde Strafe wegen Marketplace erschien zuerst auf TARNKAPPE.INFO
Read more... -
Destatis von Hackern angegriffen: Sensible Unternehmensdaten im Darknet aufgetaucht
Nov 14, 2024 | 14:53 pmDestatis-Hack: Unternehmensdaten deutscher Firmen im Darknet aufgetaucht. Das Datenleck betrifft sensible Informationen.Der Artikel Destatis von Hackern angegriffen: Sensible Unternehmensdaten im Darknet aufgetaucht erschien zuerst auf TARNKAPPE.INFO
Read more... -
Millionenbetrug mit Kryptowährungen: Südkoreas größter Krypto-Skandal
Nov 14, 2024 | 11:18 amMillionenbetrug mit Kryptowährungen: Krypto-Betrug in Südkorea aufgedeckt. 15.000 Anleger verlieren 219 Millionen Euro durch Influencer.Der Artikel Millionenbetrug mit Kryptowährungen: Südkoreas größter Krypto-Skandal erschien zuerst auf TARNKAPPE.INFO
Read more... -
FMovies-Betreiber gesteht: Riesige Gewinne durch illegales Streaming
Nov 14, 2024 | 06:09 amFMovies-Betreiber gesteht illegale Streaming-Piraterie. Erst Hunderttausende Dollar Gewinn, jetzt drohen harte Strafen.Der Artikel FMovies-Betreiber gesteht: Riesige Gewinne durch illegales Streaming erschien zuerst auf TARNKAPPE.INFO
Read more... -
Illegale Streaming-Geräte beschlagnahmt, mehrere Personen festgenommen
Nov 13, 2024 | 10:18 amStreaming-Piraterie im Visier: MultiChoice und eine Spezialeinheit beschlagnahmen zahlreiche illegale Geräte. Mehrere Festnahmen.Der Artikel Illegale Streaming-Geräte beschlagnahmt, mehrere Personen festgenommen erschien zuerst auf TARNKAPPE.INFO
Read more... -
LiberaPay: Unterstützen mit minimalem Aufwand
Nov 13, 2024 | 08:51 amWas haben Open-Source-Entwickler und freie Journalisten neben ihrer chronischen Unterbezahlung gemeinsam? Eine Spendenplattform.Der Artikel LiberaPay: Unterstützen mit minimalem Aufwand erschien zuerst auf TARNKAPPE.INFO
Read more... -
König der Streaming-Piraterie verhaftet: TVWiki und OKTOON abgeschaltet
Nov 13, 2024 | 06:05 amTVWiki Betreiber verhaftet: Südkorea geht gegen Streaming-Piraterie vor und schaltet mehrere der ganz großen Piraterie-Plattformen ab.Der Artikel König der Streaming-Piraterie verhaftet: TVWiki und OKTOON abgeschaltet erschien zuerst auf TARNKAPPE.INFO
Read more... -
Share-Online.biz Strafverfahren: Verjährung bei den meisten Downloadern
Nov 12, 2024 | 16:58 pmWer bis dato nicht über ein laufendes Verfahren informiert wurde, dessen Strafverfahren in der Causa Share-Online.biz ist nun verjährt!Der Artikel Share-Online.biz Strafverfahren: Verjährung bei den meisten Downloadern erschien zuerst auf TARNKAPPE.INFO
Read more... -
DNA-Testfirma verschwunden – Tausende Kunden stehen im Regen
Nov 12, 2024 | 16:20 pmDNA-Analysen weg: Die DNA-Testfirma Atlas Biomed verschwindet spurlos. Datenschützer warnen vor mangelnder Kontrolle bei Gentestfirmen.Der Artikel DNA-Testfirma verschwunden – Tausende Kunden stehen im Regen erschien zuerst auf TARNKAPPE.INFO
Read more... -
Darknet-Bitcoin-Mixerdienst: Bitcoin Fog-Betreiber muss 12,5 Jahre ins Gefängnis
Nov 12, 2024 | 13:56 pmFür die Bereitstellung des Bitcoin-Mixerdienstes Bitcoin Fog im Darknet, muss der Betreiber nun für 12 1/2 Jahre in das Gefängnis.Der Artikel Darknet-Bitcoin-Mixerdienst: Bitcoin Fog-Betreiber muss 12,5 Jahre ins Gefängnis erschien zuerst auf TARNKAPPE.INFO
Read more... -
Signal-Gruppe von tarnkappe.info eröffnet!
Nov 12, 2024 | 12:52 pmDie Signal-Gruppe von tarnkappe.info ist offen. Doch es gibt leider beim Signal-Chat noch keine Brücke zu Telegram oder Matrix.Der Artikel Signal-Gruppe von tarnkappe.info eröffnet! erschien zuerst auf TARNKAPPE.INFO
Read more... -
Amazon bestätigt Datendiebstahl: Kontaktdaten von Mitarbeitern betroffen
Nov 12, 2024 | 07:06 amAmazon bestätigt Datendiebstahl: Kontaktdaten von Mitarbeitern bei Drittanbieter entwendet. Sicherheitslücke durch MOVEit-Hack ausgenutzt.Der Artikel Amazon bestätigt Datendiebstahl: Kontaktdaten von Mitarbeitern betroffen erschien zuerst auf TARNKAPPE.INFO
Read more... -
Data-Load: deutschsprachiges Warez-Forum nutzt neue Domains
Nov 11, 2024 | 16:37 pmBereits vor ca. 14 Tagen mussten die Betreiber des Warez-Forums Data-Load zwangsweise auf die neue Domain data-load.me ausweichen.Der Artikel Data-Load: deutschsprachiges Warez-Forum nutzt neue Domains erschien zuerst auf TARNKAPPE.INFO
Read more... -
Sicherheitslücken in ML-Toolkits: Zahlreiche Tools betroffen
Nov 11, 2024 | 13:01 pmNeue Schwachstellen in ML-Toolkits: Sicherheitslücken erhöhen das Risiko von Angriffen auf ML-Systeme durch KI-Hacker.Der Artikel Sicherheitslücken in ML-Toolkits: Zahlreiche Tools betroffen erschien zuerst auf TARNKAPPE.INFO
Read more... -
Chrome-Erweiterungen bleiben Sicherheitsrisiko: Studie belegt Schwachstellen
Nov 11, 2024 | 06:53 amGoogle Chrome und Manifest V3 bieten keinen ausreichenden Schutz: Aktuelle Untersuchung zeigt Sicherheitslücken in Chrome-Erweiterungen.Der Artikel Chrome-Erweiterungen bleiben Sicherheitsrisiko: Studie belegt Schwachstellen erschien zuerst auf TARNKAPPE.INFO
Read more... -
Freiheit für Ross Ulbricht: Gefängnis-Entlassung von Silk Road-Gründer in Aussicht
Nov 9, 2024 | 17:41 pmFreiheit für Ross Ulbricht versprach Donald Trump im Falle seines Wahl-Erfolges. Januar 2024 winkt nun die Freilassung des Silk Road-Gründers.Der Artikel Freiheit für Ross Ulbricht: Gefängnis-Entlassung von Silk Road-Gründer in Aussicht erschien zuerst auf TARNKAPPE.INFO
Read more...
-
Red Hat Security Advisory 2024-9572-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:26 pmRed Hat Security Advisory 2024-9572-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2024-9573-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:26 pmRed Hat Security Advisory 2024-9573-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2024-9579-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:26 pmRed Hat Security Advisory 2024-9579-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Read more... -
Red Hat Security Advisory 2024-9583-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:26 pmRed Hat Security Advisory 2024-9583-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2024-9601-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:26 pmRed Hat Security Advisory 2024-9601-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Read more... -
Red Hat Security Advisory 2024-9552-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:25 pmRed Hat Security Advisory 2024-9552-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2024-9554-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:25 pmRed Hat Security Advisory 2024-9554-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2024-9559-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:25 pmRed Hat Security Advisory 2024-9559-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2024-9566-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:25 pmRed Hat Security Advisory 2024-9566-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services[…]
Read more... -
Red Hat Security Advisory 2024-9571-03
Operating System: RedHat ≈ Packet Storm Nov 14, 2024 | 15:25 pmRed Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more... -
Join us in San Francisco at the 2018 Red Hat Summit
Red Hat Security Blog Blog Posts Apr 23, 2018 | 14:30 pmThis year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]
Read more... -
Certificate Transparency and HTTPS
Red Hat Security Blog Blog Posts Apr 17, 2018 | 15:00 pmGoogle has announced that on April 30, 2018, Chrome will:“...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
Read more... -
Let's talk about PCI-DSS
Red Hat Security Blog Blog Posts Feb 28, 2018 | 14:30 pmFor those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]
Read more... -
Security is from Mars, Developers are from Venus…...or ARE they?
Red Hat Security Blog Blog Posts Nov 16, 2017 | 15:00 pmIt is a tale as old as time.Developers and security personnel view each other withsuspicion.The perception is that a vast gulf of understanding and ability lies between the two camps.“They can’t possibly understand what it is to do my job!”[…]
Read more... -
Abuse of RESTEasy Default Providers in JBoss EAP
Red Hat Security Blog Blog Posts Oct 18, 2017 | 13:30 pmRed Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Read more... -
Kernel Stack Protector and BlueBorne
Red Hat Security Blog Blog Posts Sep 12, 2017 | 11:51 amToday, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Read more...
-
PHP-CGI Argument Injection Remote Code Execution
CGI Files ≈ Packet Storm Nov 14, 2024 | 15:42 pmProof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
Read more... -
PHP-CGI Argument Injection Susceptibility Scanner
CGI Files ≈ Packet Storm Nov 14, 2024 | 15:37 pmThis is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a[…]
Read more... -
Debian Security Advisory 5780-1
CGI Files ≈ Packet Storm Oct 3, 2024 | 13:50 pmDebian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.
Read more... -
Ubuntu Security Notice USN-7049-1
CGI Files ≈ Packet Storm Oct 2, 2024 | 13:55 pmUbuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly[…]
Read more... -
Supermicro Onboard IPMI CGI Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:45 pmThis Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
Read more... -
Zen Load Balancer Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:40 pmThis Metasploit module exploits a authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more... -
DnaLIMS Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:34 pmThis Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
Read more... -
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:28 pmThis Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
Read more... -
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:27 pmThis Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
Read more... -
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:15 pmThis Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]
Read more...
snaplitics made a real revolution in the industry.
-
Debian: DSA-5814-1: thunderbird Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 15, 2024 | 21:47 pm
Read more...
A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages. For the stable distribution (bookworm), this problem has been fixed in -
Debian: DSA-5813-1: symfony Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 15, 2024 | 21:46 pm
Read more...
Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass. -
Debian: DSA-5812-1: postgresql-15 Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 15, 2024 | 21:43 pm
Read more...
Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation. For the stable distribution (bookworm), these problems have been fixed in -
Debian Security Advisory 5810-1
Operating System: Debian ≈ Packet Storm Nov 12, 2024 | 15:11 pmDebian Linux Security Advisory 5810-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Read more... -
Debian Security Advisory 5809-1
Operating System: Debian ≈ Packet Storm Nov 12, 2024 | 15:10 pmDebian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.
Read more... -
Debian Security Advisory 5811-1
Operating System: Debian ≈ Packet Storm Nov 12, 2024 | 15:10 pmDebian Linux Security Advisory 5811-1 - An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.
Read more... -
Debian: DSA-5811-1: mpg123 Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 11, 2024 | 19:25 pm
Read more...
An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code. -
Debian: DSA-5809-1: symfony Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 11, 2024 | 19:06 pm
Read more...
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect. -
Debian Security Advisory 5808-1
Operating System: Debian ≈ Packet Storm Nov 11, 2024 | 17:26 pmDebian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
Read more... -
Debian: DSA-5808-1: ghostscript Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 11, 2024 | 16:57 pm
Read more...
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. -
Debian Security Advisory 5807-1
Operating System: Debian ≈ Packet Storm Nov 11, 2024 | 15:53 pmDebian Linux Security Advisory 5807-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.
Read more... -
Debian: DSA-5807-1: nss Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 10, 2024 | 19:04 pm
Read more...
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitary code. -
Debian Security Advisory 5806-1
Operating System: Debian ≈ Packet Storm Nov 9, 2024 | 15:12 pmDebian Linux Security Advisory 5806-1 - A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
Read more... -
Debian Security Advisory 5805-1
Operating System: Debian ≈ Packet Storm Nov 9, 2024 | 15:11 pmDebian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.
Read more... -
Debian: DSA-5806-1: libarchive Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 9, 2024 | 08:49 am
Read more...
A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. -
Debian: DSA-5805-1: guix Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 8, 2024 | 19:40 pm
Read more...
It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation. For additional information please refer to https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/ -
Debian Security Advisory 5804-1
Operating System: Debian ≈ Packet Storm Nov 8, 2024 | 17:01 pmDebian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati[…]
Read more... -
Debian: DSA-5804-1: webkit2gtk Security Advisory Updates
Stay Vigilant with Timely Linux Security Advisories Nov 7, 2024 | 23:58 pm
Read more...
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-44244 -
Debian Security Advisory 5803-1
Operating System: Debian ≈ Packet Storm Nov 6, 2024 | 19:19 pmDebian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Read more... -
Debian Security Advisory 5802-1
Operating System: Debian ≈ Packet Storm Nov 4, 2024 | 16:35 pmDebian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Read more...
-
Glibc Tunables Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 21, 2023 | 14:20 pmA buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID[…]
Read more... -
GNOME Files 43.4 Privilege Escalation
Operating System: Fedora ≈ Packet Storm Aug 8, 2023 | 15:54 pmGNOME Files version 43.4 (nautilus) on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges.
Read more... -
Apache Tomcat Privilege Escalation
Operating System: Fedora ≈ Packet Storm Mar 14, 2023 | 14:39 pmThis Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation.[…]
Read more... -
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Fedora ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Fedora / Gnome fscaps Issue
Operating System: Fedora ≈ Packet Storm Jun 22, 2021 | 19:20 pmFedora with Gnome has an issue where it is not using fscaps safely.
Read more... -
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more...
-
Vaultwarden -- Multiple vulnerabilities
FreeBSD VuXML Nov 16, 2024 | 00:00 am
Read more... -
chromium -- multiple security fixes
FreeBSD VuXML Nov 16, 2024 | 00:00 am
Read more... -
electron31 -- multiple vulnerabilities
FreeBSD VuXML Nov 15, 2024 | 00:00 am
Read more... -
PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
FreeBSD VuXML Nov 14, 2024 | 00:00 am
Read more... -
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
FreeBSD VuXML Nov 14, 2024 | 00:00 am
Read more... -
PostgreSQL -- PL/Perl environment variable changes execute arbitrary code
FreeBSD VuXML Nov 14, 2024 | 00:00 am
Read more... -
PostgreSQL -- libpq retains an error message from man-in-the-middle
FreeBSD VuXML Nov 14, 2024 | 00:00 am
Read more... -
Gitlab -- vulnerabilities
FreeBSD VuXML Nov 14, 2024 | 00:00 am
Read more... -
electron31 -- multiple vulnerabilities
FreeBSD VuXML Nov 14, 2024 | 00:00 am
Read more... -
FreeBSD -- Certificate revocation list fetch(1) option fails
FreeBSD VuXML Nov 13, 2024 | 00:00 am
Read more...
-
K2 will not be made available for Joomla 4/5 - change of course
Blog - JoomlaWorks May 30, 2024 | 17:56 pm
Read more...
The writing's on the wall. Joomla 4 and 5 are failed CMS releases. They account for around 0.3% of ALL Joomla sites according to W3Techs (https://w3techs.com/technologies/details/cm-joomla). Joomla's official stats (which were introduced near the end of life of Joomla 3[…] -
K2
Updated Extensions - JoomlaWorks Apr 24, 2024 | 18:23 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
New free extension release: Quick Menu (for Joomla 4)
Blog - JoomlaWorks Mar 6, 2023 | 18:47 pm
Read more...
Today we're launching Quick Menu, a new free admin module for Joomla 4 which adds a handy top-side (desktop) or bottom-side (mobile) menu in the Joomla 4 backend. The purpose of Quick Menu is to restore UX sanity & reduce[…] -
Quick Menu (for Joomla 4)
Updated Extensions - JoomlaWorks Mar 6, 2023 | 18:31 pm
Read more...
Quick Menu (by JoomlaWorks) is a Joomla 4 administrator module which adds a handy quick menu to the Joomla 4 backend to restore UX sanity! FEATURES Less clicks to important content management and admin tasks in the Joomla 4 backend...[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Feb 28, 2023 | 13:43 pm
Read more...
Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish image gallery within any Joomla article,[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Jan 23, 2023 | 14:08 pm
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
K2 v2.11, rolling releases, Joomla 4 and more
blog Jan 11, 2023 | 16:51 pm
Read more...
K2 v2.11 is now available to download for Joomla versions 1.5 to 3.x. This release adds new features, improves existing features, resolves various bugs and adds PHP 8 compatibility. If you're also wondering what's up with Joomla 4, read on... First[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks Jan 11, 2023 | 14:39 pm
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jan 11, 2023 | 14:28 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
AllVideos
Updated Extensions - JoomlaWorks Jan 11, 2023 | 14:27 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website. Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion,[…] -
SocialConnect
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:05 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration. Features Let your users register to[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Mar 3, 2022 | 19:04 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
Simple Image Gallery (free) v4.2 released
Blog - JoomlaWorks Jan 7, 2022 | 20:20 pm
Read more...
Simple Image Gallery (free) version 4.2 is now available to download. This is a maintenance release. Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.2: Resolves fatal PHP error in Joomla 4 caused[…] -
Simple Image Gallery Pro v3.9.1 released (bug-fix release)
Blog - JoomlaWorks Jul 26, 2021 | 14:21 pm
Read more...
Simple Image Gallery Pro v3.9.1 is now available to download for subscribers. This is a minor bug-fix release following the release of version 3.9.0 a couple weeks ago. For a detailed look on the new features and changes in v3.9.0,[…] -
Simple Image Gallery Pro v3.9.0 released
Blog - JoomlaWorks Jul 5, 2021 | 16:59 pm
Read more...
Simple Image Gallery Pro v3.9.0 is now available to download for subscribers. It's both a bug-fix and new feature release. Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.9.0: SIGPro will now read[…] -
Simple RSS Feed Reader v3.9.0 released
Blog - JoomlaWorks May 25, 2021 | 08:47 am
Read more...
Today we're releasing version 3.9.0 of the Simple RSS Feed Reader module. This is a bugfix release. Here's what's been added or changed (in more detail) with the release of v3.9.0: Fix the installer for Joomla 3.x on new installations.[…] -
Simple RSS Feed Reader v3.8.0 released
Blog - JoomlaWorks Feb 3, 2021 | 15:42 pm
Read more...
Today we're releasing version 3.8.0 of the Simple RSS Feed Reader module. This new release brings back Joomla 1.5 support (by popular request), it introduces a new sub-template & changes the remote image resizing service from Mobify to Images.weserv.nl. Here's what's[…] -
Improve the performance of your Joomla articles (part 1)
Blog - JoomlaWorks Dec 4, 2020 | 16:44 pm
Read more...
The performance of the default article system in Joomla really sucks big time, that's a well know fact. It''s actually one of the reasons we built K2 in the first place. And as we venture into Joomla 4 territory, instead[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
K2 Plugin for sh404SEF version 1.6.0 released
Blog - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general. Here's what's been added or changed in the K2[…] -
Simple Image Gallery Pro v3.8.0 released
Blog - JoomlaWorks Jun 10, 2020 | 15:51 pm
Read more...
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility. Here's what's been added or changed in Simple[…] -
K2 v2.10.3 now available
blog Apr 29, 2020 | 20:21 pm
Read more...
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…] -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED). We stopped accepting new entries for templates in the KED about 2 weeks ago and this[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…]
