Aggregator

A vulnerability was found in Checkmk up to 2.0.0p39/2.1.0p98/2.2.0p24/2.3.0b4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component websphere_mq Agent Plugin. The manipulation leads to acceptance of extraneous untrusted data with trusted data. This vulnerability is known as CVE-2024-3367. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Python Pip Pandas 2.2.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-42992. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Shield Security Plugin up to 20.0.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-7313. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Quiz and Survey Master Plugin up to 9.1.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6879. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Gameloft Wonder Zoo - Animal rescue 1.6.1. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5628. The attack needs to be approached within the local network. There is no exploit available.

法国安全服务公司 Quarkslab 的研究员 Philippe Teuwen 发现，复旦微电子集团制造的非接触式读卡器芯片使用了相同的密钥，允许在数分钟内克隆 RFID 智能卡，打开世界各地的房门。复旦微电子在 2020 年发布了用于门锁钥匙、小额支付、会员卡的 FM11RF08S，它使用了被称为“静态加密随机数（static encrypted nonce）”的方法，研究人员设计了一种攻击方法，如果 FM11RF08S 密钥在至少三张卡上重复使用，就能破解它。进一步研究发现，FM11RF08S 存在一个硬件后门——也就是所有卡使用的相同密钥。Teuwen 发现上一代的 FM11RF08 存在相似的后门但使用了不同的密钥，该密钥被发现被 FM11RF08、FM11RF32、FM1208-10，以及 NXP 和 Infineon 的部分卡使用。Quarkslab 督促世界各地的酒店检查其房卡使用的芯片，评估安全风险。

本地化要求

A vulnerability classified as critical was found in Gameloft Ice Age Village 2.8.0. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-5627. Access to the local network is required for this attack to succeed. There is no exploit available.

Miggio has discovered a configuration-based vulnerability that enables cybercriminals to bypass authentication and authorization services provided by the Application Load Balancer (ALB) from Amazon Web Services (AWS) that could affect more than 15,000 potentially vulnerable applications.

The post Miggio Uncovers AWS Load Balancer Security Flaw appeared first on Security Boulevard.

Explore the latest features and enhancements in CodeSentry 6.1! We are excited to announce several enhancements in the latest release of CodeSentry:  Operating System and Package Analysis (Windows): Detects the detailed Windows Version, Build and UBR (Update Build Revision) Reports all application and software packages installed on a Windows disk image Enables precise reporting of…

The post What’s New in CodeSentry 6.1  appeared first on CodeSecure.

The post What’s New in CodeSentry 6.1  appeared first on Security Boulevard.

Шан Хейнс: от уважаемого банкира до преступника за несколько месяцев.

A vulnerability has been found in GaziYapBoz Game Portal and classified as critical. Affected by this vulnerability is an unknown functionality of the file kategori.asp. The manipulation of the argument kategori leads to sql injection. This vulnerability is known as CVE-2007-1410. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in awstats and classified as critical. Affected by this issue is some unknown functionality of the file awstats.cgi of the component Configuration File. The manipulation of the argument configdir leads to code injection. This vulnerability is handled as CVE-2010-4367. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading

Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed

Блокировка карты больше не означает безопасность.

Backprop доказывает: не все новое – лучшее.

A vulnerability, which was classified as critical, was found in WEBO 1.0. Affected is an unknown function of the file modules/abook/foldertree.php. The manipulation of the argument baseDir leads to file inclusion. This vulnerability is traded as CVE-2007-1391. It is possible to launch the attack remotely. Furthermore, there is an exploit available.