Aggregator

A vulnerability was found in Moxa TN-5900 up to 3.3. It has been classified as very critical. This affects an unknown part of the component Web API. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-33237. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Moxa MXsecurity up to 1.0.0. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2023-39981. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #432614 / VDB-282010

A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10449. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. This vulnerability is handled as CVE-2024-10448. The attack may be launched remotely. Furthermore, there is an exploit available. Other endpoints might be affected as well.

Submit #432564 / VDB-282009

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. This vulnerability is known as CVE-2024-10447. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. This vulnerability is traded as CVE-2024-10446. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #432501 / VDB-282008

Gentoo 发行版项目宣布引入了用于动态跟踪内核或用户空间程序的工具 DTrace，只需要安装软件包 dev-debug/dtrace，最新发行版内核已经启用了所有必要的内核选项。DTrace 源自于 Sun Microsystems 的 Solaris Unix 系统，是一种全面的动态跟踪框架，用于实时排除生产系统上的内核和应用问题，它已经被移植到了类 Unix 系统如 Linux。 DTrace 可用于获取运行中系统的全局概览，如活动进程使用的内存量、CPU 时间、文件系统和网络资源。它还可提供更细粒度信息，如调用特定函数时所用参数的日志，或访问特定文件的进程列表。

Submit #432372 / VDB-282007

Submit #432371 / VDB-282006

23 октября Грег Кроа-Хартман, один из ведущих разработчиков ядра Linux, уволил 11 специалистов из РФ.

A vulnerability classified as critical has been found in Barracuda Networks Barracuda Spam Firewall 3.1.16. This affects an unknown part of the file img.pl of the component Firmware. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2005-2847. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into this; we have to get ourselves out.” Geopolitical tensions are rising worldwide, attacks are becoming increasingly sophisticated, and nation-state threats on US organizations and critical infrastructure are at an all-time high. As we prepare to … More →

The post A good cyber leader prioritizes the greater good appeared first on Help Net Security.

今年10月底开始，香港将禁止公务员在办公电脑上使用包括微信、WhatsApp Web和Google Drive在内的云存储及即时通讯服务。

A vulnerability classified as critical was found in Apple iOS up to 10.2. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2407. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GDidees CMS up to 3.9.1. It has been rated as problematic. This issue affects some unknown processing of the file /_admin/imgdownload.php. The manipulation of the argument filename leads to information disclosure. The identification of this vulnerability is CVE-2023-27179. Access to the local network is required for this attack. Furthermore, there is an exploit available.

0x01 写在前面前段时间在字节 CTF 的大师赛上出了一个杂项，算是前段时间研究某个中间件的衍生产物，觉得很有兴趣，最近有时间便拿出来分享一下出题思路0x02 小玩笑当今时代，消息中间件已成为...

A vulnerability, which was classified as critical, was found in EZCMS EZTechhelp EZCMS up to 1.2. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2008-2920. It is possible to launch the attack remotely. Furthermore, there is an exploit available.