Aggregator

Submit #410396 / VDB-278166

Submit #410183 / VDB-278165

Submit #409956 / VDB-278164

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9007. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. This vulnerability is handled as CVE-2024-9006. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users. [...]

今日暂未更新资讯~
更多最新文章，请访问SecWiki

#Jenkins-RCE #KeePass-Crack #Pass-the-Hash #(NTFS)ADS攻击

A vulnerability was found in Kastle Systems Access Control System. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cleartext storage of sensitive information. This vulnerability is known as CVE-2024-45862. The attack can be launched remotely. There is no exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

Submit #408299 / VDB-278163

Submit #408298 / VDB-278162

A vulnerability was found in Kastle Systems Access Control System. It has been classified as critical. Affected is an unknown function. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2024-45861. It is possible to launch the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.

A vulnerability was found in MegaSys Computer Technologies Telenium Online Web Application up to 8.3 and classified as very critical. This issue affects some unknown processing of the component HTTP Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-6404. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide.  [...]

A vulnerability has been found in FreeBSD and classified as critical. This vulnerability affects unknown code of the component bhyve. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-41721. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

世界最大排放国的排放可能提前达到峰值，远早于此前承诺的 2030 年。分析师 Dave Jones 表示，一旦中国的排放达到峰值，全世界的排放可能很快也会达到峰值。跟踪中国排放的分析师 Lauri Myllyvirta 通过分析来自中国政府、行业机构和商业公司的能源、工业和海关数据计算每月二氧化碳排放量。自 3 月以来，中国排放量一直在下降。这表明 2023 年中国的碳排放可能达到了峰值。驱动排放下降趋势的主要是清洁能源的增长。中国的排放此前发生过波动， 2013-2016 年减少煤炭使用推动了中国排放下降，但之后煤炭恢复增长后排放也恢复了增长。分析师表示可能需要一年的时间才能知道排放下降是短期还是长期现象。