Aggregator

CVE-2024-4646 | Campcodes Complete Web-Based School Management System 1.0 student_payment_details.php index cross site scripting

Vuldb Updates
1 year 3 months ago
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. This vulnerability is traded as CVE-2024-4646. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-4647 | Campcodes Complete Web-Based School Management System 1.0 student_first_payment.php index cross site scripting

Vuldb Updates
1 year 3 months ago
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. This vulnerability is known as CVE-2024-4647. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-4648 | Campcodes Complete Web-Based School Management System 1.0 student_exam_mark_update_form.php std_index cross site scripting

Vuldb Updates
1 year 3 months ago
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. This vulnerability is handled as CVE-2024-4648. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-4649 | Campcodes Complete Web-Based School Management System 1.0 student_exam_mark_insert_form1.php page cross site scripting

Vuldb Updates
1 year 3 months ago
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-4649. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-4650 | Campcodes Complete Web-Based School Management System 1.0 student_due_payment.php due_month cross site scripting

Vuldb Updates
1 year 3 months ago
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. This vulnerability was named CVE-2024-4650. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

300% increase in endpoint malware detections

Help Net Security
1 year 3 months ago

The third quarter of 2024 saw a dramatic shift in the types of malware detected at network perimeters, according to a new WatchGuard report. The report’s key findings include a 300% increase quarter over quarter of endpoint malware detections, highlighted by growing threats that exploit legitimate websites or documents for malicious purposes as threat actors turn to more social engineering tactics to execute their attacks. While Microsoft documents like Word and Excel have long been … More →

The post 300% increase in endpoint malware detections appeared first on Help Net Security.

Help Net Security

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

The Hackers News
1 year 3 months ago
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0. It has been described as a case of improper privilege management that could
The Hacker News

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

The Hackers News
1 year 3 months ago
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "
The Hacker News

超过12000个KerioControl防火墙暴露于被利用的RCE漏洞

嘶吼
1 year 3 months ago

KerioControl是一款面向中小企业的网络安全套件,主要用于vpn、带宽管理、报表监控、流量过滤、反病毒防护、入侵防御等。安全研究员发现,超过12000个GFI KerioControl防火墙实例暴露于一个关键的远程代码执行漏洞,跟踪为CVE-2024-52875。

这个漏洞是由安全研究员Egidio Romano (EgiX)在12月中旬发现的,他向人们展示了一键式RCE攻击的潜在危险。

GFI软件公司于2024年12月19日发布了9.4.5版本补丁1的安全更新,但三周后,根据Censys的说法,超过23800个实例仍然容易受到攻击。

上个月初,Greynoise透露,它已经检测到利用Romano的概念验证(PoC)漏洞的活跃利用尝试,旨在窃取管理CSRF令牌。

尽管有关于主动利用的警告,威胁监控服务Shadowserver表示,有12229台KerioControl防火墙暴露在利用CVE-2024-52875的攻击中。

这些实例大多数位于伊朗、美国、意大利、德国、俄罗斯、哈萨克斯坦、乌兹别克斯坦、法国、巴西和印度。

由于CVE-2024-52875的公共PoC的存在,利用的要求很低,即使是不熟练的黑客也可以加入恶意活动。

Egidio Romano解释说:“在302 HTTP响应中用于生成“Location”HTTP头之前,通过“dest”GET参数传递到这些页面的用户输入没有得到正确的处理。”

具体来说,应用程序不能正确过滤/删除换行(LF)字符。这可以用来执行HTTP响应分裂攻击,这反过来可能允许执行反射跨站脚本(XSS)和其他可能的攻击。”

反射XSS向量可能被滥用来执行一键式远程代码执行(RCE)攻击。如果用户还没有进行安全更新,强烈建议安装2025年1月31日发布的KerioControl版本9.4.5 Patch 2,其中包含额外的安全增强功能。

胡金鱼

滴滴诚招安全人才!

君哥的体历
1 year 3 months ago
【君哥内推】旨在帮助甲方信息安全部门发布招聘需求,推送频率不定。欢迎甲方朋友们将招聘需求发给我,我愿意出力,

Managed ad