DataCarry
You must login to view this content
Aggregator
DataCarry
3 months 1 week ago
You must login to view this content
cohenido
CVE-2011-5227 | Enterasys Netsight 4.1.0.79 nssyslogd.exe memory corruption (EDB-23887 / ID 12688)
3 months 1 week ago
A vulnerability classified as very critical has been found in Enterasys Netsight 4.1.0.79. This affects an unknown part of the file nssyslogd.exe. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2011-5227. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
普京表态要封锁微软和 Zoom 的服务
3 months 1 week ago
俄罗斯总统普京周一表示,外国服务提供商如微软和 Zoom 的行为违反了俄罗斯利益,应该受到限制。在俄罗斯入侵乌克兰之后,西方国家对俄罗斯进行了制裁,大部分西方企业都撤离了俄罗斯,如麦当劳就出售了其在俄业务。微软和 Zoom 是少数仍然向俄罗斯提供有限服务的美国公司。普京没有进一步说明是否会采取行动封锁微软和 Zoom 的服务,他强调要发展本国替代软件解决方案。
30 миллиардов долларов и свободы: как “дизельная мафия” Volkswagen проиграла суд
3 months 1 week ago
Один заговор — и целая индустрия пошла под воду.
Why app modernization can leave you less secure
3 months 1 week ago
Enterprises typically “modernize” access patterns for an application by enabling industry standard protocols like OIDC or SAML to provide single sign-on (SSO) for legacy apps via a cloud identity provider (IDP). That’s a major step towards better user experience, improved credential hygiene, and centralized authentication, but it is not enough. Most modernization projects stop at the authentication layer, believing that identity transformation is complete once SAML or OIDC is wired up. What’s often overlooked is … More →
The post Why app modernization can leave you less secure appeared first on Help Net Security.
Help Net Security
CVE-2025-5117 | Property Plugin 1.0.5/1.0.6 on WordPress property_package_user_role authorization
3 months 1 week ago
A vulnerability, which was classified as critical, was found in Property Plugin 1.0.5/1.0.6 on WordPress. This affects the function property_package_user_role. The manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2025-5117. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-26211 | Gibbon up to 28.x cross-site request forgery
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Gibbon up to 28.x. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2025-26211. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48744 | SIGB PMB prior 8.0.1.2 path traversal
3 months 1 week ago
A vulnerability classified as critical was found in SIGB PMB. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal.
This vulnerability is known as CVE-2025-48744. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48743 | SIGB PMB prior 8.0.1.2 sql injection
3 months 1 week ago
A vulnerability classified as critical has been found in SIGB PMB. Affected is an unknown function. The manipulation leads to sql injection.
This vulnerability is traded as CVE-2025-48743. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48742 | SIGB PMB prior 8.0.1.2 Installer missing authentication
3 months 1 week ago
A vulnerability was found in SIGB PMB. It has been rated as critical. This issue affects some unknown processing of the component Installer. The manipulation leads to missing authentication.
The identification of this vulnerability is CVE-2025-48742. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48382 | codelibs fess up to 14.19.1 org.codelibs.fess.helper.SystemHelper createTempFile permission assignment (GHSA-g88v-2j67-9rmx)
3 months 1 week ago
A vulnerability was found in codelibs fess up to 14.19.1. It has been declared as problematic. This vulnerability affects the function createTempFile of the component org.codelibs.fess.helper.SystemHelper. The manipulation leads to incorrect permission assignment.
This vulnerability was named CVE-2025-48382. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48054 | radashi up to 12.5.0 set path prototype pollution (GHSA-2xv9-ghh9-xc69)
3 months 1 week ago
A vulnerability was found in radashi up to 12.5.0. It has been classified as critical. This affects the function Set. The manipulation of the argument path leads to improperly controlled modification of object prototype attributes ('prototype pollution').
This vulnerability is uniquely identified as CVE-2025-48054. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-33079 | IBM Controller/Cognos Controller 11.0.0/11.0.1/11.1.0 credentials storage
3 months 1 week ago
A vulnerability was found in IBM Controller and Cognos Controller 11.0.0/11.0.1/11.1.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to unprotected storage of credentials.
This vulnerability is handled as CVE-2025-33079. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48828 | vBulletin 6.0.3 Template improper protection of alternate path
3 months 1 week ago
A vulnerability has been found in vBulletin 6.0.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to improper protection of alternate path.
This vulnerability is known as CVE-2025-48828. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-48827 | vBulletin up to 5.7.5/6.0.3 api.php?method=protectedMethod improper protection of alternate path
3 months 1 week ago
A vulnerability, which was classified as critical, was found in vBulletin up to 5.7.5/6.0.3. Affected is an unknown function of the file /api.php?method=protectedMethod. The manipulation leads to improper protection of alternate path.
This vulnerability is traded as CVE-2025-48827. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
朝鲜“227研究中心”背后的网络暗战:东大如何应对新兴威胁?
3 months 1 week ago
在这个数字化时代,网络空间已成为各国角力的新战场。而朝鲜,这个神秘而又封闭的国度,最近在网络战领域掀起了一场
美人计:情报世界里最古老而致命的武器
3 months 1 week ago
Когда операция ФБР — не ликвидация, а реклама: Lumma живее всех живых
3 months 1 week ago
После громкой зачистки Lumma ожил и начал сливать новые пароли
How AI agents reshape industrial automation and risk management
3 months 1 week ago
In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity implications of deploying AI agents in industrial environments. He talks about the risks that come with AI agents making semi-autonomous decisions, and why a layered security approach like Defense-in-Depth is key to keeping industrial systems safe. What are the implications of an AI agent being compromised in a critical infrastructure environment, such as an … More →
The post How AI agents reshape industrial automation and risk management appeared first on Help Net Security.
Mirko Zorz