Aggregator

A vulnerability has been found in Tenda O6 1.0.0.7(2054) and classified as critical. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. This vulnerability was named CVE-2024-46049. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.6(468). This affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-46045. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.6(468). Affected by this issue is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-46044. The attack may be launched remotely. Furthermore, there is an exploit available.

Kali Linux 2024.3, the most recent iteration of Offensive Security’s highly regarded Debian-based distribution designed for ethical hacking and penetration testing, has been released. This new release is a major update that includes 11 new hacking tools and focuses on behind-the-scenes updates and optimizations. According to the Kali Linux team, there have been a few […]

The post Kali Linux 2024.3 Released With New Hacking Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in Google Android up to 7.1. This affects an unknown part of the component libnl. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2017-0386. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to

Сотрудничество правоохранителей и регуляторов показывает пример глобального противодействия кибератакам.

A vulnerability was found in Google Android and classified as critical. Affected by this issue is the function get_futex_key of the file futex.c. The manipulation leads to use after free. This vulnerability is handled as CVE-2018-9422. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in gnuedu. This affects an unknown part of the file web/login.php. The manipulation of the argument LIBSDIR leads to code injection. This vulnerability is uniquely identified as CVE-2007-2609. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said. The teenager, who's from Walsall, is said to have been

A vulnerability classified as critical has been found in Linux Kernel up to 4.13.4. This affects an unknown part of the component Keyring Handler. The manipulation leads to credentials management. This vulnerability is uniquely identified as CVE-2017-18270. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still...

The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Strobes Security.

The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Security Boulevard.

MIT чествует нестандартные научные достижения.

Een sterke en geloofwaardige krijgsmacht is nodig om Nederland veilig te houden. De actuele geopolitieke ontwikkelingen gaan gepaard met onrust en instabiliteit. De verschrikkelijke oorlog in Oekraïne, zorgwekkende situatie in het Midden-Oosten of de buitenlandse beïnvloeding vanuit bijvoorbeeld Rusland: het zijn allemaal zaken die ook Nederlandse belangen raken met risico’s voor onze fysieke, digitale en economische veiligheid. Dat staat in het regeerprogramma dat vandaag is gepresenteerd. Het kabinet brengt daarom de defensie-uitgaven in lijn met de 2% NAVO-norm.

A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. This vulnerability is known as CVE-2024-8784. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #407385 / VDB-277435

A vulnerability has been found in FedMsg up to 0.18.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Message Validation. The manipulation leads to improper input validation. This vulnerability is known as CVE-2017-1000001. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. This vulnerability is traded as CVE-2024-8783. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.