Active Cyber Defence takes action against scammers attempting to take advantage of the COVID-19 pandemic – and did so with some help from the general public.
[joplin] Cross-site Scripting in Joplin
An XSS issue in Joplin desktop allows arbitrary code execution via a malicious HTML embed tag.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-15930
https://github.com/laurent22/joplin/issues/3552
https://github.com/laurent22/joplin/releases/tag/…
[primefaces] Cross-site Scripting in PrimeFaces
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
…
[google-closure-library] Improper Input Validation in Google Closure Library
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation — update your library to version v202…
[org.odata4j:odata4j-dist] SQL Injection in odata4j
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE, this product is apparently discontinued.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-11023
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
https:…
[org.odata4j:odata4j-dist] SQL Injection in odata4j
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE, this product is apparently discontinued.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-11023
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
https:…
[org.odata4j:odata4j-dist] SQL Injection in odata4j
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-11024
https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ
https:/…
[org.webjars.bowergithub.wycats:handlebars.js] Remote code execution in handlebars when compiling templates
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-23369
https://github….
中国人民解放軍61419部隊の英語版ウィルス対策ソフト購入実態 米脅威インテリジェンスグループが調達文書入手
米マサチューセッツ州のサイバーセキュリティ企業、RecordedFutureの脅威インテリジェンスグ…
中森明菜「禁区」細野晴臣のクールなテクノ歌謡は歌番組泣かせ? 1983年 9月7日 中森明菜のシングル「禁区」がリリースされた日
中森明菜、キャリアの中で潮目となった歌長くヒットチャートを賑わせた歌手には何かしら “潮目” となっ…