Aggregator

CVE-2024-46256 | NginxProxyManager 2.11.3 Add Lets Encrypt Certificate requestLetsEncryptSsl command injection

4 months ago

A vulnerability classified as critical has been found in NginxProxyManager 2.11.3. Affected is the function requestLetsEncryptSsl of the component Add Lets Encrypt Certificate. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-46256. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-46367 | Webkul Krayin CRM 1.3.0 username cross site scripting

VulDB Recent Entries

4 months ago

A vulnerability was found in Webkul Krayin CRM 1.3.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument username leads to cross site scripting. The identification of this vulnerability is CVE-2024-46367. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-39275 | Advantech ADAM-5630 up to 2.5.1 persistent cookies containing sensitive information (icsa-24-270-02)

VulDB Recent Entries

4 months ago

A vulnerability was found in Advantech ADAM-5630 up to 2.5.1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to use of persistent cookies containing sensitive information. This vulnerability was named CVE-2024-39275. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-39364 | Advantech ADAM-5630 up to 2.5.1 HTTP Request missing authentication (icsa-24-270-02)

VulDB Recent Entries

4 months ago

A vulnerability was found in Advantech ADAM-5630 up to 2.5.1. It has been classified as critical. This affects an unknown part of the component HTTP Request Handler. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2024-39364. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Iranian hackers charged for ‘hack-and-leak’ plot to influence election

Bleeping Computer.

4 months ago

The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. [...]

Sergiu Gatlan

CVE-2024-46097 | TestLink 1.9.20 TestPlan Edit Section tplan_id access control

VulDB Recent Entries

4 months ago

A vulnerability was found in TestLink 1.9.20 and classified as critical. Affected by this issue is some unknown functionality of the component TestPlan Edit Section. The manipulation of the argument tplan_id leads to improper access controls. This vulnerability is handled as CVE-2024-46097. The attack can only be initiated within the local network. There is no exploit available.

vuldb.com

CVE-2024-25411 | Flatpress 1.3 setup.php username cross site scripting

VulDB Recent Entries

4 months ago

A vulnerability has been found in Flatpress 1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file setup.php. The manipulation of the argument username leads to cross site scripting. This vulnerability is known as CVE-2024-25411. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-46257 | NginxProxyManager 2.11.3 requestLetsEncryptSslWithDnsChallenge command injection

VulDB Recent Entries

4 months ago

A vulnerability, which was classified as critical, was found in NginxProxyManager 2.11.3. Affected is the function requestLetsEncryptSslWithDnsChallenge. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-46257. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

Meta fined $101 million for storing hundreds of millions of passwords in plaintext

不安全

4 months ago

The social media giant Meta has been fined €91 million ($101 million) for accidentally storing hund

冀朝铸口述回忆录

不安全

4 months ago

《冀朝铸口述回忆录》(新版)这书有新旧两版，书名前后有改动，内容相差不大，新版对旧版做了极少量删剪，但大幅增加了清晰的照片。循惯例，方便诸君，提供一个最少7天有效的临时下载点。以PC版Chrome打开

How to Plan and Prepare for Penetration Testing

不安全

4 months ago

As security technology and threat awareness among organizations improves so do the adversaries who

Top 6 Cloud Security Threats to Watch Out For

不安全

4 months ago

As your business continues moving critical data and workloads into public, private and hybrid cloud

How Should CISOs Navigate the SEC Cybersecurity and Disclosure Rules?

darkreading

4 months ago

Companies that commit to risk management have a strong cybersecurity foundation that makes it easier to comply with the SEC's rules. Here is what you need to know about 8K and 10K filings.

Edge Editors

Novel Exploit Chain Enables Windows UAC Bypass

darkreading

4 months ago

Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.

Nate Nelson, Contributing Writer

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

不安全

4 months ago

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and la

USENIX NSDI ’24 – Harmony: A Congestion-free Datacenter Architecture

Security Boulevard

4 months ago

Authors/Presenters:Saksham Agarwal, Qizhe Cai, Rachit Agarwal, David Shmoys, Amin Vahdat

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Harmony: A Congestion-free Datacenter Architecture appeared first on Security Boulevard.

Marc Handelman

What are SMB Ports, Port 139 and Port 445?

Netwrix Blog | Insights for Cybersecurity and IT Pros

4 months ago

This post first appeared on blog.netwrix.com and was written by Mark Techa.
Organizations are increasing their use of various solutions to address communication needs across their infrastructure. As file systems are an integral part of collaboration, this article will dive into one of the most widely used protocols necessary for many systems. We will learn more about the SMB protocol, Port 139, Port 445, how it works, … Continued

Mark Techa

Биохакинг в действии: как ноль «ломает» мозг человека

Securitylab.ru

4 months ago

Ученые обнаружили, что восприятие нуля активирует больше нейронов, чем другие числа.

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

Security Affairs

4 months ago

UK police are investigating a cyberattack that disrupted Wi-Fi networks at several train stations across the country. U.K. transport officials and police are investigating a cyber attack on public Wi-Fi networks at the country’s biggest railway stations. Following the ‘cyber-security incident,’ passengers trying to log onto the Wi-Fi at several stations on Wednesday evening were […]

Pierluigi Paganini

The Data Breach Disclosure Conundrum

Troy Hunt

4 months ago

The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such

Troy Hunt

Aggregator

Managed ad