Aggregator

A vulnerability, which was classified as critical, has been found in WP Swings Coupon Referral Program Plugin up to 1.7.2 on WordPress. Affected by this vulnerability is an unknown functionality. This manipulation causes deserialization. The identification of this vulnerability is CVE-2024-25100. It is possible to initiate the attack remotely. There is no exploit available.

A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability in ImageMagick 7’s MagickCore subsystem, specifically affecting the blob I/O (BlobStream) implementation. Security researchers and the ImageMagick team urge all users and organizations to update immediately to prevent exploitation. ImageMagick, a widely used image processing library, was found to contain a heap out-of-bounds write […]

The post PoC Exploit Released for ImageMagick RCE Vulnerability – Update Now appeared first on Cyber Security News.

A vulnerability has been found in libesmtp 0.8.11 and classified as critical. This issue affects the function read_smtp_response of the file protocol.c. The manipulation leads to memory corruption. This vulnerability is documented as CVE-2002-1090. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Mantis 0.17.0/0.17.1/0.17.2/0.17.3. The affected element is an unknown function of the file config_inc2.php. The manipulation with the input g_bottom_include_page/g_top_include_page/g_css_include_file/g_meta_include_file leads to improper privilege management. This vulnerability is referenced as CVE-2002-1114. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Mantis. Impacted is an unknown function of the file summary_graph_functions.php. Executing manipulation of the argument g_jpgraph_path can lead to improper privilege management. The identification of this vulnerability is CVE-2002-1113. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Oracle Reports 6.0.8/6.0.8.19. This vulnerability affects unknown code of the file rwcgi60. Executing manipulation can lead to information disclosure (Path). This vulnerability is registered as CVE-2002-1089. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in Mantis up to 0.17.3. This vulnerability affects the function limit_reporters of the file print_all_bug_page.php. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2002-1111. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Mantis. This issue affects some unknown processing of the component Authentication. Performing manipulation results in improper privilege management (Cookie). This vulnerability was named CVE-2002-1112. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

文章介绍了如何利用HTML注入漏洞进行JavaScript侦察（JS Recon），通过简单的HTML标签如``窃取API密钥、内部子域名和隐藏端点。文章分步骤讲解了如何找到注入点、编写payload、手动分析JS文件以及利用工具自动化探测。

The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat actor exfiltrated data from their customers’ Salesforce instances by leveraging stolen OAuth credentials that enable the integration of their Drift (Salesloft) chatbot with said instances. Google Threat Intelligence Group attributed the attack to an attack group … More →

The post Salesloft Drift data breach: Investigation reveals how attackers got in appeared first on Help Net Security.

Google обвинили в избирательном спаме писем республиканцев.

A vulnerability described as problematic has been identified in sanitize-html up to 1.0.2. This vulnerability affects the function naughtyHref of the component Anchor Tag Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2014-125128. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in sanitize-html 1.4.3. This affects the function sanitizeHtml of the file index.js. Performing manipulation of the argument transformTags results in cross site scripting. This vulnerability is identified as CVE-2019-25225. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in ITCube CRM up to 2025.2. Affected by this issue is some unknown functionality. Such manipulation of the argument fileName leads to path traversal. This vulnerability is referenced as CVE-2025-5993. It is possible to launch the attack remotely. No exploit is available.

在Meta BountyCon活动中，研究人员发现Facebook Messenger for Windows中的路径遍历漏洞可被利用并通过DLL劫持实现远程代码执行，最终获得$111,750奖金。

A vulnerability categorized as problematic has been discovered in Google Android. The impacted element is the function init. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2023-21044. The attack must be carried out locally. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability identified as problematic has been detected in Google Android. This affects an unknown function of the component cpif Handler. Performing manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2023-21045. The attack must be initiated from a local position. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Google Android. It has been rated as problematic. The impacted element is an unknown function. Performing manipulation results in use after free. This vulnerability was named CVE-2023-21042. The attack needs to be approached locally. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability categorized as problematic has been discovered in Google Android. This affects an unknown function. Executing manipulation can lead to use after free. The identification of this vulnerability is CVE-2023-21043. The attack can only be executed locally. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in Google Android. It has been rated as problematic. The affected element is the function dumpstateBoard of the file Dumpstate.cpp. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2023-21039. The attack is restricted to local execution. No exploit exists. To fix this issue, it is recommended to deploy a patch.