Aggregator

A vulnerability has been found in MediaWiki up to 1.3.11 and classified as critical. This vulnerability affects unknown code of the file php.rar of the component mod_mime. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-1405. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mantis 0.9.1. It has been declared as problematic. This vulnerability affects unknown code of the file signup_page.php. The manipulation leads to denial of service (Bomb). This vulnerability was named CVE-2004-1731. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sun SunOS 4.1/4.1.1/4.1.2 and classified as critical. This issue affects some unknown processing of the component ICMP Unreachable Packet Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-1999-0214. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Sun SunOS 4.1/4.1.1/4.1.2. This vulnerability affects unknown code of the component NFS. The manipulation of the argument uid leads to Local Privilege Escalation. This vulnerability was named CVE-1999-1021. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in HP HP-UX. Affected is an unknown function of the component ypbind. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-1999-0312. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Commodore Amiga Unix up to 2.1p2a and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-1999-1218. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in DEC OpenVMS 1.0/5.5.2. It has been classified as critical. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-1999-1312. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Router 8.2/8.3/9.0/9.1/9.17. It has been declared as critical. This vulnerability affects unknown code of the component IP Source Routed Packet Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-1999-1216. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SCO Unix 4.0. It has been rated as critical. This issue affects some unknown processing of the component passwd. The manipulation leads to denial of service. The identification of this vulnerability is CVE-1999-1162. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in UMN Gopherd 1.12/2.0. Affected is an unknown function. The manipulation leads to improper privilege management (File). This vulnerability is traded as CVE-1999-0124. It is possible to launch the attack remotely. There is no exploit available. This vulnerability has a historic impact due to its background and reception.

A vulnerability classified as problematic was found in Novell NetWare 4.0/4.01. Affected by this vulnerability is an unknown functionality of the file login.exe. The manipulation leads to missing encryption of sensitive data. This vulnerability is known as CVE-1999-1215. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, has been found in SCO Unix. Affected by this issue is some unknown functionality of the component Temporary Folder Installer. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-1999-1138. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Sun Solaris 1.0/1.0.1/1.1/1.1c. This affects an unknown part of the file /usr/5bin/su. The manipulation as part of Search Path leads to improper privilege management. This vulnerability is uniquely identified as CVE-1999-1318. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Outlook up to 2000 and classified as critical. Affected by this issue is some unknown functionality of the component Holiday Feature. The manipulation leads to authentication bypass by spoofing. This vulnerability is handled as CVE-2001-1088. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from the more than 34,000 malicious packages discovered last quarter, largely due to a sharp drop in security holdings packages. However, compared to the same period last year, the overall malware count more than doubled. … More →

The post Open-source malware doubles, data exfiltration attacks dominate appeared first on Help Net Security.

Lawsuits Allege Cybercrime Gang Medusa Stole Data of 132,000 People
An Arizona-based medical imaging practice with locations in 11 states is notifying patients that their data was compromised in a January cyberattack. Litigation filed against the company allege ransomware gang Medusa stole sensitive data pertaining to at least 132,000 people in the incident.

Inside North Korea's IT Scam Network Now Shifting to Europe
North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean national.

Integrated Tools Across Generative AI Security, DSPM, DDR Key to Growth Strategy
Cyberhaven is building a data security platform to address evolving risks in generative AI, DSPM and beyond. Backed by $100 million, CEO Howard Ting says the firm will use the funds to expand its portfolio and go-to-market footprint while staying independent.

Chinese Hackers Are Pre-Positioned, and Top Officials Could Be Making Matters Worse
Experts told lawmakers on Wednesday that without urgent federal action to strengthen cyber defenses and additional efforts to improve the cybersecurity practices of some of the highest ranking government officials, another Salt Typhoon attack could be just around the corner.