Aggregator

A vulnerability was found in eSHOP100 and classified as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument SUB leads to sql injection. This vulnerability is handled as CVE-2008-5190. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Vizzed Acmlmboard 1.a2 and classified as critical. This vulnerability affects unknown code of the file memberlist.php. The manipulation of the argument pow leads to sql injection. This vulnerability was named CVE-2008-5198. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in NetWin Surgemail 3.9e. It has been declared as problematic. This vulnerability affects unknown code of the component IMAP Service. The manipulation of the argument first leads to memory corruption. This vulnerability was named CVE-2008-7182. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Sebrac SebracCMS 0.4. Affected by this vulnerability is an unknown functionality. The manipulation of the argument uname leads to sql injection. This vulnerability is known as CVE-2008-5195. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Com Xewebtv on Joomla. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2008-5200. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

A vulnerability was found in Smash Balloon Custom Twitter Feeds Plugin up to 2.2.3 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-49685. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Lukas Huser EKC Tournament Manager Plugin up to 2.2.1 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-49674. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Podlove Podcast Publisher Plugin up to 4.1.13 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-43984. The attack can be launched remotely. There is no exploit available.

De omgeving van de Van Ghentkazerne in Rotterdam waardeert het contact met de daar gelegerde mariniers. Burgers en samenwerkingspartners benoemen de goede communicatie, maatschappelijke bijdragen en open houding. Wel missen zij een centraal meldpunt voor vragen of klachten over de kazerne. Dat blijkt uit een onderzoek van de Auditdienst Rijk (ADR).

A vulnerability was found in Apple macOS up to 10.12.3 and classified as critical. Affected by this issue is some unknown functionality of the component Keyboards. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2017-2458. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apache Lucene.Net.Replicator up to 4.8.0-beta00016. This issue affects some unknown processing. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-43383. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Данные пользователей оказались в заложниках предприимчивых злоумышленников.

Thunderbird for Android 发布了首个正式版。Thunderbird 的 Android 版源自开源邮件客户端 K-9 Mail，K-9 Mail 是在 2022 年 6 月加入 Thunderbird 项目的，到 Thunderbird for Android 的正式发布经历了两年多的时间，用户可通过 Google Play Store、GitHub Releases 或 Thunderbird 官网下载使用，开源应用商店 F-Droid 将在晚些时候发布。Thunderbird for Android 主要功能包括：浅色/深色主题，通过 OpenKeychain 应用使用 OpenPGP 加密和解密邮件，统一收件箱、启用/禁用联系人图片，选择立即、按设定的时间间隔或按需同步邮件，选择退出数据使用收集以保护隐私，等等。

Check Point

A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. This vulnerability is traded as CVE-2024-10378. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in libsndfile up to 1.2.2. It has been classified as problematic. Affected is the function mpeg_l3_encoder_close of the file mpeg_l3_encode.c. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2024-50613. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical was found in MaanTheme MaanStore API Plugin up to 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel. This vulnerability was named CVE-2024-50487. The attack can be initiated remotely. There is no exploit available.