Aggregator

CVE-2020-7019 | Elasticsearch up to 6.8.11/7.8.x Field Level Security privilege context switching error (Nessus ID 261365)

Vuldb Updates
3 days 15 hours ago
A vulnerability has been found in Elasticsearch up to 6.8.11/7.8.x and classified as problematic. This impacts an unknown function of the component Field Level Security. The manipulation leads to privilege context switching error. This vulnerability is uniquely identified as CVE-2020-7019. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2021-20281 | Moodle up to 3.5.16/3.8.7/3.9.4/3.10.1 Online Users Block information disclosure (Nessus ID 261366)

Vuldb Updates
3 days 15 hours ago
A vulnerability was found in Moodle up to 3.5.16/3.8.7/3.9.4/3.10.1. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Online Users Block. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2021-20281. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2019-7581 | libming up to 0.4.8 util/parser.c parseSWF_ACTIONRECORD SWF File memory corruption (Issue 173 / Nessus ID 261369)

Vuldb Updates
3 days 15 hours ago
A vulnerability described as critical has been identified in libming up to 0.4.8. This affects the function parseSWF_ACTIONRECORD of the file util/parser.c. Executing manipulation as part of SWF File can lead to memory corruption. This vulnerability is registered as CVE-2019-7581. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2019-7582 | libming up to 0.4.8 util/read.c readBytes SWF File memory corruption (Issue 172 / Nessus ID 261370)

Vuldb Updates
3 days 15 hours ago
A vulnerability classified as critical has been found in libming up to 0.4.8. This vulnerability affects the function readBytes of the file util/read.c. The manipulation as part of SWF File leads to memory corruption. This vulnerability is documented as CVE-2019-7582. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2019-14829 | Moodle up to 3.5.7/3.6.5/3.7.1 Activity Creation improper following of specification by caller (Nessus ID 261368)

Vuldb Updates
3 days 15 hours ago
A vulnerability, which was classified as problematic, was found in Moodle up to 3.5.7/3.6.5/3.7.1. Affected by this issue is some unknown functionality of the component Activity Creation Handler. Executing manipulation can lead to improper following of specification by caller. This vulnerability is tracked as CVE-2019-14829. The attack is only possible within the local network. No exploit exists. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2018-14379 | MP4v2 2.0.0 mp4atom.cpp MP4Atom::factory MP4 File type conversion (FEDORA-2019-1030f4816a / Nessus ID 261377)

Vuldb Updates
3 days 15 hours ago
A vulnerability was found in MP4v2 2.0.0. It has been declared as critical. This affects the function MP4Atom::factory of the file mp4atom.cpp. Such manipulation as part of MP4 File leads to incorrect type conversion. This vulnerability is traded as CVE-2018-14379. The attack may be launched remotely. There is no exploit available.
vuldb.com

Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution

Cyber Security News
3 days 15 hours ago

Cybersecurity researchers have demonstrated a sophisticated technique for bypassing Web Application Firewalls (WAFs) using JavaScript injection combined with HTTP parameter pollution, exposing critical vulnerabilities in modern web security infrastructure. The research, conducted during an autonomous penetration test, revealed how attackers can exploit parsing differences between WAF engines and web application frameworks to execute malicious code […]

The post Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution appeared first on Cyber Security News.

Tushar Subhra Dutta

Hackers Exploit Amazon SES to Blast Over 50,000 Malicious Emails Daily

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 days 16 hours ago

A sophisticated cyberattack campaign where threat actors exploited compromised AWS credentials to hijack Amazon’s Simple Email Service (SES), launching large-scale phishing operations capable of sending over 50,000 malicious emails daily. The Wiz Research team identified this alarming SES abuse campaign in May 2025, highlighting a concerning trend where cybercriminals are weaponizing legitimate cloud services to […]

The post Hackers Exploit Amazon SES to Blast Over 50,000 Malicious Emails Daily appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Managed ad