Aggregator

A vulnerability classified as critical has been found in EnGenius ENH1350EXT up to 3.9.3.2_c1.9.51. Affected is an unknown function of the component Ping/Speed Test. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-45242. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in OpenRefine up to 3.8.2. It has been rated as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Content-Type leads to cross site scripting. The identification of this vulnerability is CVE-2024-47880. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IceWhaleTech ZimaOS up to 1.2.4. It has been declared as critical. This vulnerability affects unknown code of the file /v1/users/name` of the component API Endpoint. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-48932. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenRefine up to 3.8.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-47879. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in snowflakedb snowflake-connector-python up to 3.12.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Logging Level Handler. The manipulation of the argument passcode leads to sensitive information in log files. This vulnerability is handled as CVE-2024-49750. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Pterodactyl Panel up to 1.11.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Two-factor Authentication Handler. The manipulation leads to cleartext storage in a file or on disk. This vulnerability is known as CVE-2024-49762. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Money Manager EX WebApp 1.2.2. Affected is the function redirect_if_not_loggedin of the file functions_security.php. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-41617. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Okta Verify 9.25.1/9.27.0 on iOS. This issue affects the function ContextExtension of the component Push Notification Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-10327. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 赛智产业研究院院长 赵刚01公共数据资源开发利用是深化数据要素市场化配置改革的先行之举公共数据资源是各级党政机关

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063漏洞情况近日，国家信息安全漏洞库(CNNVD)收到关于Fortinet FortiManager访问控制错误漏洞(CNN

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 国家工业信息安全发展研究中心 张格 孙娅苹 高莹莹 张哲宇当前，我国新型工业化不断深入推进，新一代信息技术与制造

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063为整治网上国家通用语言文字不规范使用乱象，塑造有利于未成年人健康成长的网络环境和育人生态，近日，中央网信办、教育部印发通

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 宁波大学法学院教授 谢小瑶进入数字时代，数字技术重构了社会生产生活方式，数据已经逐渐成为市场创新发展和政府公共治

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 中国人民大学国际关系学院博士研究生 安怡宁；中国社会科学院世界经济与政治研究所助理研究员 陈兆源网络空间是人类共

A vulnerability, which was classified as critical, was found in Trustwave ModSecurity. Affected is an unknown function of the component Multipart Request Parser. The manipulation with the input Content-Disposition: form-data; name="id"[\r][\r][\n] as part of POST Request leads to improper access controls. This vulnerability is traded as CVE-2012-4528. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Ntoseye Windows kernel debugger for Linux hosts running Windows under KVM/QEMU. Features Command line interface WinDbg style commands Kernel debugging PDB fetching Breakpointing Scripting API (Lua) Supported Windows ntoseye currently only supports Windows 10...

The post Ntoseye: Windows kernel debugger for Linux hosts running Windows under KVM/QEMU appeared first on Penetration Testing Tools.

GetAltName GetAltName (or GAN) is a tool that can extract Subject Alternative Names found in SSL Certificates directly from HTTPS websites which can provide you with DNS names (subdomains) or virtual servers. This code extracts subdomain names from https sites...

The post getaltname: Extract subdomains from SSL certificates in HTTPS sites appeared first on Penetration Testing Tools.

TLS Attacker TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This...

The post TLS-Attacker: Java-based framework for analyzing TLS libraries appeared first on Penetration Testing Tools.

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士美国网络安全和基础设施安全局 (CISA) 正在提出新的安全要求，阻止敌对实例访问美国人的个人数据以及政府相关信息。这些要求的对象是参与涉及大量美国

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士三星移动处理器中存在一个0day漏洞 (CVE-2024-44068)，正被用于利用链中，实施任意代码执行。该漏洞的CVSS评分为8.1，已在三星十