OXAS-ADV-2024-0003: OX App Suite Security Advisory
Full Disclosuremailing list archivesFrom: Martin Heiland via Fulldisclosure
Aggregator
OXAS-ADV-2024-0004: OX App Suite Security Advisory
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Martin Heiland via Fulldisclosure
[SYSS-2024-042] DiCal-RED - Exposure of Sensitive Information to an Unauthorized Actor
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-041] DiCal-RED - Use of Unmaintained Third Party Components
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-040] DiCal-RED - Improper Authentication
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-039] DiCal-RED - Path Traversal
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-038] DiCal-RED - Use of Password Hash Instead of Password for Authentication
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-037] DiCal-RED - Use of Password Hash With Insufficient Computational Effort
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-035] DiCal-RED - Missing Authentication for Critical Function
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
[SYSS-2024-036] DiCal-RED - Missing Authentication for Critical Function
1 year 7 months ago
Full Disclosuremailing list archivesFrom: Sebastian Hamann via Fulldisclosure
NFC Traffic Stealer Targets Android Users & Their Banking Info
1 year 7 months ago
The malware builds on a near-field communication tool in combination with phishing and social engineering to steal cash.
Jai Vijayan, Contributing Writer
NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents
1 year 7 months ago
The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure.
Dark Reading Staff
Art NFTs in the Tech Sphere in 2024
1 year 7 months ago
Creativity and flexibility… Doing what matters… Shape the globe perspective… Is it your dream or dai
SolarWinds security advisory (AV24-475)
1 year 7 months ago
Canadian Centre for Cyber Security
Overcoming Writer's Block and Sharing New Insights: Vision, Strategy, and AI
1 year 7 months ago
Dear readers & friends,It’s been a while, and I’m sorry for that. I’ve been suffering from a mild c
I Made a Stream Deck For Literally No Money
1 year 7 months ago
We all know Stream Decks are expensive. So I decided to make it for literally no money. I’ve been wo
Google Chrome security advisory (AV24-474)
1 year 7 months ago
Canadian Centre for Cyber Security
CVE-2024-39717 | Versa Director Change Favicon Option access control
1 year 7 months ago
A vulnerability, which was classified as critical, has been found in Versa Director. This issue affects some unknown processing of the component Change Favicon Option. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2024-39717. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8088 | Python CPython up to 3.13.0 zipfile Module namelist/iterdir/extractall infinite loop (ID 122905)
1 year 7 months ago
A vulnerability classified as critical was found in Python CPython up to 3.13.0. This vulnerability affects the function namelist/iterdir/extractall of the component zipfile Module. The manipulation leads to infinite loop.
This vulnerability was named CVE-2024-8088. The attack can be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-42599 | SeaCMS 13.0 admin_files.php access control
1 year 7 months ago
A vulnerability classified as critical has been found in SeaCMS 13.0. This affects an unknown part of the file admin_files.php. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2024-42599. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com