A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to SQL injection.
This vulnerability is uniquely identified as CVE-2024-7446. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads to SQL injection.
This vulnerability is handled as CVE-2024-7445. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical was found in itsourcecode Ticket Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Login Page. The manipulation of the argument username leads to SQL injection.
This vulnerability is known as CVE-2024-7444. The attack can be launched remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is traded as CVE-2024-7443. It is possible to launch the attack remotely. There is no exploit available.
The vendor was contacted early and confirmed that the affected release tree is end-of-life.
It is recommended to apply restrictive firewalling.
A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The identification of this vulnerability is CVE-2024-7442. The attack may be initiated remotely. There is no exploit available.
The vendor was contacted early and confirmed that the affected release tree is end-of-life.
It is recommended to apply restrictive firewalling.
A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability was named CVE-2024-7441. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early and confirmed that the affected release tree is end-of-life.
It is recommended to apply restrictive firewalling.
A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is uniquely identified as CVE-2024-7440. It is possible to initiate the attack remotely. There is no exploit available.
The vendor was contacted early and confirmed that the affected release tree is end-of-life.
It is recommended to apply restrictive firewalling.
A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is handled as CVE-2024-7439. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early and confirmed that the affected release tree is end-of-life.
It is recommended to apply restrictive firewalling.
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers.
This vulnerability is known as CVE-2024-7438. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers.
This vulnerability is traded as CVE-2024-7437. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection.
The identification of this vulnerability is CVE-2024-7436. The attack may be initiated remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical was found in FOGproject FOG up to 1.5.10.41.2. This vulnerability affects unknown code of the component Computer Registration Handler. The manipulation leads to command injection.
This vulnerability was named CVE-2024-42348. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic has been found in Red Hat OpenStack Platform 13/16.1/16.2/17.0 on CVE. This affects an unknown part of the component openstack-heat. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2024-7319. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in FOGproject FOG up to 1.5.10.41.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fog_login_accepted.log. The manipulation leads to sensitive information in log files.
This vulnerability is handled as CVE-2024-42349. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
The U.S. Department of Justice has filed a lawsuit against social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children's privacy laws. [...]