Aggregator

因非法收集共享用户隐私数据，这家医疗公司赔偿超1.8亿元

CISA Updates Known Exploited Vulnerabilities Catalog, Adding 3 Critical Flaws

Br34cHM45t3r Claims to be Selling Super Administrator Access to the SAP System of an Unidentified Bank in Israel

A vulnerability, which was classified as problematic, has been found in Hi e-learning Learning Management System Plugin. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11321. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Beaver Builder Plugin up to 2.8.4.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-53797. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Themesflat Addons for Elementor Plugin up to 2.2.2 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-53796. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Andy Moyle Church Admin Plugin up to 5.0.8 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-53795. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LOOS Arkhe Blocks Plugin up to 2.27.0 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-53794. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WP Sharks s2Member Pro Plugin up to 241114 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-51815. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WPSight WPCasa Plugin up to 1.2.13 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-53826. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in SICK InspectorP61x and InspectorP62x up to 4.x and classified as critical. This vulnerability affects unknown code of the component CROWN API. The manipulation leads to missing authentication. This vulnerability was named CVE-2024-10774. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

TLDRify – 标记网页内特定文字内容，并转换为短链接

A vulnerability, which was classified as problematic, was found in Owen Cutajar & Hyder Jaffari Auction Plugin up to 3.7 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-54207. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in thorsten phpMyFAQ up to 3.x. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through error message. This vulnerability is handled as CVE-2024-54141. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

LulzSec Black Defaced the Website of Flame Corner

A vulnerability classified as problematic was found in WpMaspik Maspik Plugin up to 2.2.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-53806. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in brandtoss WP Mailster Plugin up to 1.8.16.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-53805. It is possible to launch the attack remotely. There is no exploit available.

备份、恢复和数据管理解决方案的著名提供商 Veeam Software 发布了一个安全更新，以解决其 Veeam Backup & Replication 软件中的多个漏洞。这些漏洞有可能使经过验证的攻击者执行恶意代码，未经授权访问敏感信息，并破坏连接系统的完整性。 其中最严重的漏洞 CVE-2024-40717 的 CVSS v3.1 得分为 8.8，表示严重程度较高。该漏洞可使攻击者以提升的权限执行任意代码，从而可能导致整个系统被入侵。此更新解决的其他漏洞包括： CVE-2024-42451： 允許存取以人類可讀格式儲存的憑證。 CVE-2024-42452：允許以提升的權限遠端上載檔案至連接的 ESXi 主機。 CVE-2024-42453: 允許控制和修改連接的虛擬基礎結構主機。 CVE-2024-42455: 助長不安全的反序列化，可能導致檔案刪除。 CVE-2024-42456： 授予访问特权方法和控制关键服务的权限。 CVE-2024-42457：通过远程管理界面暴露已保存的凭证。 CVE-2024-45204： 利用凭证处理权限不足，可能导致 NTLM 哈希值泄漏。 另一个漏洞 CVE-2024-45207 影响 Microsoft Windows 的 Veeam Agent。当未受信任用户可写的目录被添加到 PATH 环境变量时，利用该漏洞可实现 DLL 注入。虽然默认的 Windows PATH 不包括此类目录，但在错误配置的环境中，风险仍然很大。 Veeam 已在 Veeam Backup & Replication 12.3（构建 12.3.0.310）和 Veeam Agent for Microsoft Windows 6.3（构建 6.3.0.177）中修复了这些漏洞，并敦促所有用户立即升级到该版本。作为临时缓解措施，Veeam 建议从备份服务器上的 “用户和角色 ”设置中删除任何不受信任或不必要的用户。 强烈建议依赖 Veeam Backup & Replication 的组织立即采取行动，保护其关键数据和基础设施。     转自安全客，原文链接：https://www.anquanke.com/post/id/302459 封面来源于网络，如有侵权请联系删除

A Threat Actor Allegedly Leaked the 2022 Lebanon General Election Voter Data