Aggregator

A vulnerability classified as critical was found in Pressaholic Video Robot Plugin up to 1.20.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2024-52431. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Anton Hoelstad WP Quick Setup Plugin up to 2.0 on WordPress. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-52429. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in W3 Eden Premium Packages Plugin up to 5.9.3 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-52435. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in RSA NetWitness up to 12.5.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-28058. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Saso Nikolov Event Tickets with Ticket Scanner Plugin up to 2.3.11 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is known as CVE-2024-52427. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ads Pro Scripteo Ads Booster Plugin up to 1.12 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2024-52428. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in IBM solidDB up to 6.5.0.8. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2012-0200. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

美国华盛顿州圣胡安县（San Juan County）已经推行 32 小时工作制（或四天工作制）一年时间。该县发布了一份报告，称其效果显著。圣胡安县表示，这一工作制了吸引了大量人才，申请人数增加 85.5%，空缺填补加速 23.75%，更多员工留任，离职（辞职或退休）减少 48%。84% 的员工表示改善了工作与生活之间的平衡。相比满足工会的加薪要求，工作 32 小时反而能节省超过 97.5 万美元。一位公园经理表示，32 小时没有增加成本，因为有更优秀的应聘者。空缺的职位通常会几个月找不到合适的人，但去年该机构不仅有更多的应聘者，而且能找到更符合要求的求职者。他招募的两名员工就是因为只需要工作 32 小时才前来应聘。

error code: 521

OverviewThe Cybersecurity and Infrastructure Security Agency (CISA) has officially adde

Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer

Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days. About the vulnerabilities (CVE-2024-0012, CVE-2024-9474) CVE-2024-0012 stems from missing authentication for a critical function and allows unauthenticated attackers with network access to the management web interface “to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474,” according to Palo … More →

The post Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) appeared first on Help Net Security.

A vulnerability was found in pyload-ng up to 0.5.0b3.dev85 and classified as problematic. This issue affects some unknown processing of the component HTTP Request Handler. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-39205. The attack can only be done within the local network. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in js2py up to 0.74. This affects the function js2py.disable_pyimport of the component API Call Handler. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-28397. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

Highlights from Escape's talks at The Elephant in AppSec Conference on the challenges of API security and how Escape is overcoming these

The post The Elephant in AppSec Talks Highlight: Reinventing API Security appeared first on Security Boulevard.

error code: 521

昆士兰科技大学（QUT）的研究人员发现，在马斯克（Elon Musk）于今年 7 月宣布支持特朗普之后，其旗下 X(前称 Twitter) 平台的算法发生了变化，他本人以及共和党保守派的推

Хакер почти ушёл с деньгами, но в последний момент случилось неожиданное...

The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve hypervisor and the Capsicum sandboxing framework. The audit, conducted by the offensive security firm Synacktiv, provides insights into potential vulnerabilities and highlights the importance of proactive security measures in open-source software. The security audit, carried out in June and July 2024, aimed to identify vulnerabilities in these subsystems’ user-mode and … More →

The post Major security audit of critical FreeBSD components now available appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in OnePlug CMS. This affects an unknown part of the file press/details.asp. The manipulation of the argument Product_ID leads to sql injection. This vulnerability is uniquely identified as CVE-2006-0115. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.