Aggregator

A vulnerability, which was classified as critical, has been found in OsamaTaher Java-springboot-codebase. This issue affects some unknown processing of the file /api/v1/customer/profile-picture. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-52302. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Poznan Supercomputing and Networking Center DInGO dLIbra up to 6.3.19. This vulnerability affects unknown code of the component indexsearch. The manipulation of the argument filter leads to cross site scripting. This vulnerability was named CVE-2024-7124. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in TCL Camera 6.00.04.0067.3.0. This affects an unknown part. The manipulation leads to path traversal: '.../...//'. This vulnerability is uniquely identified as CVE-2024-11136. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Kashipara E-Learning Management System Project 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /lms/admin/admin_user.php of the component HTTP POST Request Handler. The manipulation of the argument firstname/username leads to cross site scripting. This vulnerability is handled as CVE-2024-50837. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. This vulnerability is traded as CVE-2024-11049. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.3.6/17.4.3/17.5.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect ownership assignment. This vulnerability is known as CVE-2024-9633. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Kashipara E-Learning Management System Project 1.0. It has been classified as problematic. Affected is an unknown function of the file /lms/admin/department.php of the component HTTP POST Request Handler. The manipulation of the argument d/pi leads to cross site scripting. This vulnerability is traded as CVE-2024-50838. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Kashipara E-Learning Management System Project 1.0 and classified as problematic. This issue affects some unknown processing of the file /lms/admin/school_year.php of the component HTTP POST Request Handler. The manipulation of the argument school_year leads to cross site scripting. The identification of this vulnerability is CVE-2024-50842. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Kashipara E-Learning Management System Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /lms/admin/calendar_of_events.php of the component HTTP POST Request Handler. The manipulation of the argument date_start/date_end/title leads to cross site scripting. This vulnerability was named CVE-2024-50841. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Kashipara E-Learning Management System Project 1.0. This affects an unknown part of the file /lms/admin/class.php of the component HTTP POST Request Handler. The manipulation of the argument class_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-50840. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Kashipara E-Learning Management System Project 1.0. Affected by this issue is some unknown functionality of the file /lms/admin/add_subject.php of the component HTTP POST Request Handler. The manipulation of the argument subject_code/title leads to cross site scripting. This vulnerability is handled as CVE-2024-50839. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in PHPGurukul User Registration & Login and User Management System 3.2. Affected by this vulnerability is an unknown functionality of the file /loginsystem/assets. The manipulation leads to file and directory information exposure. This vulnerability is known as CVE-2024-50843. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in EasyPHP Web Server 14.1. Affected is an unknown function of the component SecurityManager. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-11215. It is possible to launch the attack remotely. There is no exploit available.

Data breaches reached a record high in the US last year, impacting over 350 million individuals. According to one estimate, financial services firms suffered the second highest total of breaches in 2023: 744. It’s not hard to imagine why. In many cases, threat actors will have been focused on targeting banks and other providers for the wealth of sensitive financial information they hold, like card data. This is exactly why the Payment Card Industry Data Security Standard (PCI DSS) was devised 20 years ago.

The post A Beginner’s Guide to PCI DSS 4.0: Requirements 5-9 appeared first on Security Boulevard.

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞92个，影响到微软产品的其他厂商漏洞1个。

Businesses face mounting cyber threats and data breaches from third-party vendors. Open-source CIAM solutions offer a secure, transparent alternative for customer identity management. Discover how these solutions provide enhanced security, complete data control, and cost-effective scalability.

The post Why Open-Source CIAM Solutions Are Essential for Data Security and Privacy appeared first on Security Boulevard.

IntelBroker Has Allegedly Leaked the Data of Colicom

2022 年 4 月，哈萨克斯坦政府暴力镇压全国抗议活动四个月后，网络安全研究人员发现当局在智能手机上部署间谍软件去窃听公民。间谍软件不是由哈萨克斯坦政府开发的，也不是来自以色列，而是来自于意大利公司 RCS Labs。根据 Wikileaks 在 2015 年公开的文件，RCS 与巴基斯坦、智利、蒙古、孟加拉国、缅甸、越南和土库曼斯坦的军方和情报机构打过交道。安全专家称，意大利有六家大型的间谍软件供应商，以及很多小型的相关企业。以色列间谍软件公司如 NSO Group 以开发先进的零点击间谍软件闻名，意大利公司则专注于廉价工具，因此不那么引人注目。因缺乏监管，意大利的间谍软件便宜且使用频率高。意大利记者 Riccardo Coluccini 称，当局最近几年执行了数千次间谍软件行动。