Aggregator

A vulnerability was found in Ricardo Alexandre De Oliveira Staudt Yogurt 0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. This vulnerability is handled as CVE-2009-2033. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ricardo Alexandre De Oliveira Staudt Yogurt 0.3. It has been classified as critical. This affects an unknown part of the file writemessage.php. The manipulation of the argument original leads to sql injection. This vulnerability is uniquely identified as CVE-2009-2034. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Castro Xl TorrentVolve 1.4. It has been classified as critical. Affected is an unknown function of the file archive.php. The manipulation of the argument deleteTorrent leads to path traversal. This vulnerability is traded as CVE-2009-2101. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical was found in IBM BigFix Platform 9.5. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2019-4013. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linksys SPA941 5.1.8. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2007-5411. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

澳大利亚立法禁止16周岁以下用户使用社交媒体 社交媒体平台强烈反对

A vulnerability, which was classified as problematic, has been found in WebKit. This issue affects the function webkitFaviconDatabaseSetIconForPageURL/webkitFaviconDatabaseSetIconURLForPageURL in the library UIProcess/API/glib/WebKitFaviconDatabase.cpp. The manipulation leads to data processing error. The identification of this vulnerability is CVE-2018-11646. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MODX Revolution up to 2.8.3-pl. It has been classified as critical. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2022-26149. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ipswitch IMail 5.0. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component IMonitor. The manipulation leads to memory corruption. This vulnerability is known as CVE-1999-1046. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple cups up to 1.1.3. It has been classified as problematic. Affected is the function ippReadIO of the component IPP Request. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2009-0949. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. Cybercriminals used a gaming engine to create undetectable malware loader Threat actors are using an ingenious new way for covertly delivering malware … More →

The post Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine appeared first on Help Net Security.

A vulnerability was found in Geekbill Open Biller 0.1. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument username leads to sql injection. The identification of this vulnerability is CVE-2009-2036. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in phpWebThings up to 1.5.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file help.php. The manipulation of the argument module leads to path traversal. This vulnerability is known as CVE-2009-2081. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Rich White School Data Nav. This issue affects some unknown processing. The manipulation of the argument page leads to code injection. The identification of this vulnerability is CVE-2009-2641. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Desiscripts Desi Short URL Script 1.0. Affected is an unknown function of the file index.php. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2009-2642. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical was found in dxstudio DX Studio Player. This vulnerability affects unknown code of the file shell.execute of the component Javascript API. The manipulation leads to os command injection. This vulnerability was named CVE-2009-2011. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Ordasoft Com Vehiclemanager 1.0. This affects an unknown part of the file toolbar_ext.php. The manipulation of the argument mosConfig_absolute_path leads to code injection. This vulnerability is uniquely identified as CVE-2009-2633. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.