Aggregator

A vulnerability classified as critical was found in IBM Rational DOORS up to 9.5.10. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2018-1457. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply the suggested workaround.

RansomHub Ransomware Profile

Explore comprehensive threat profiles of threat actors, ransomware groups, and their TTPs to stay informed and enhance your cybersecurity strategy.

A vulnerability was found in @1 File Store and classified as critical. This issue affects some unknown processing of the file folder.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2006-1278. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Easy-Script Wysi Wiki Wyg 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2008-3205. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in @1 File Store and classified as critical. This issue affects some unknown processing of the file control/groups/delete.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2006-1278. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in @1 File Store. It has been classified as critical. Affected is an unknown function of the file confirm.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2006-1278. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in @1 File Store. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file download.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2006-1278. The attack can be launched remotely. Furthermore, there is an exploit available.

As AWS continues to evolve, new services and permissions are frequently introduced to enhance functionality and security. This blog provides a comprehensive recap of new sensitive permissions and services added in October 2024. Our intention in sharing this is to flag the most important releases to keep your eye on and update your permissions and […]

The post October Recap: New AWS Sensitive Permissions and Services appeared first on Security Boulevard.

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

Keep Your Organization Safe with Up-to-Date CVE Information   Cybersecurity vulnerability warnings from the National Institute of Standards and Technology (NIST) continue to identify critical concerns. If not promptly addressed, your organization is at risk. Recent high-severity vulnerabilities highlight the urgent need for timely patching and updates to defend against both existing and new threats. Don’t...

The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on TrueFort.

The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on Security Boulevard.

2024年8月13日，微软在“补丁星期二”更新中披露了一个严重漏洞CVE-2024-38063，这是在Windows内核中相当典型的一个漏洞，笔者尝试对其进行原理上的剖析，因时间有限，文章或有遗漏或缺失。

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been declared as critical. Affected by this vulnerability is the function restore of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51252. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Yealink Meeting Server 26.0.0.66. It has been classified as problematic. Affected is an unknown function of the component Server Response Handler. The manipulation of the argument Enterprise ID leads to information disclosure. This vulnerability is traded as CVE-2024-48352. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.