Aggregator

A vulnerability was found in SeaCMS 13.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library /admin_reslib.php. The manipulation of the argument url leads to server-side request forgery. This vulnerability is known as CVE-2024-44721. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in SeaCMS 13.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_safe.php. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-44720. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in D-Link DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2 and DI-7400G+V2 24.04.18. It has been classified as critical. Affected is an unknown function of the file usb_paswd.asp of the component CGI Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-44333. It is possible to launch the attack remotely. There is no exploit available.

Amid the constant shifts in cybersecurity threats, organizations need more than just traditional managed detection and response (MDR) services. They need a comprehensive, intelligent and unified approach to cybersecurity. Enter Nuspire’s Cybersecurity Experience – a game-changing suite of tools and technologies designed to enhance MDR capabilities and empower organizations to stay ahead of cyber threats. Let’s explore how this innovative ... Read More

The post Transforming MDR: How Nuspire’s Cybersecurity Experience Takes Threat Detection and Response to the Next Level appeared first on Nuspire.

The post Transforming MDR: How Nuspire’s Cybersecurity Experience Takes Threat Detection and Response to the Next Level appeared first on Security Boulevard.

A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO (short for "Radiation of Air-gapped Memory Bus for Offense") by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Slingshots’ appeared first on Security Boulevard.

A vulnerability, which was classified as very critical, has been found in iSula. This issue affects some unknown processing of the component Image Pull Handler. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2021-33635. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in iSula. Affected is an unknown function of the component Load Command Handler. The manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2021-33636. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. This vulnerability is handled as CVE-2024-2935. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. This affects an unknown part of the file /attendancelist.php of the component Attendance Report Page. The manipulation of the argument aid leads to sql injection. This vulnerability is uniquely identified as CVE-2024-6274. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in SAP Enable Now ENABLE_NOW_CONSUMP_DEL 1704/WPB_MANAGER_CE 10/WPB_MANAGER_HANA 10. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-34692. An attack has to be approached locally. There is no exploit available.

A vulnerability has been found in SAP Business Workflow (WebFlow Services) up to 758 and classified as critical. This vulnerability affects unknown code of the component WebFlow Service. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2024-34689. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in SAP S4HANA Finance 107/108. It has been classified as critical. Affected is an unknown function of the component Advanced Payment Management. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-37172. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in SAP CRM WebClient UI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-37175. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in SAP Transportation Management 140/150/160/170. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Collaboration Portal. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-37171. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Siemens SINEMA Remote Connect Server up to 3.2. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-39865. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical has been found in Siemens SINEMA Remote Connect Server up to 3.2. Affected is an unknown function. The manipulation leads to privilege defined with unsafe actions. This vulnerability is traded as CVE-2024-39866. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Siemens SINEMA Remote Connect Server up to 3.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to direct request. This vulnerability is known as CVE-2024-39867. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Siemens SINEMA Remote Connect Server up to 3.2. Affected by this issue is some unknown functionality of the component VXLAN Configuration Handler. The manipulation leads to direct request. This vulnerability is handled as CVE-2024-39868. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Siemens SINEMA Remote Connect Server up to 3.2. This affects an unknown part. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2024-39869. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.