Aggregator

A vulnerability was found in Allround Automations PL-SQL Developer up to 11.0.5 and classified as critical. Affected by this issue is some unknown functionality of the component Update Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is handled as CVE-2016-2346. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

This post first appeared on blog.netwrix.com and was written by Dirk Schrader.
Just like human users, computer programs also need access to resources on a network to function properly. There’s a difference in how these two groups—individuals and programs—access these resources, though. While humans utilize user accounts, computer programs use Active Directory service accounts. Active Directory service accounts allow computer services and programs to run without the need for human … Continued

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. This vulnerability was named CVE-2024-10546. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. [...]

This post first appeared on blog.netwrix.com and was written by Kent Tuominen.
SAML (Security Assertion Markup Language) and OAuth (Open Authorization) are two of the most common user authentication and authorization protocols. Both of them help manage identity and access using tokens, but they serve different purposes and operate in different contexts. This blog explains the key similarities and differences between SAML and OAuth and the specific … Continued

Submit #429033 / VDB-282520

A vulnerability classified as critical has been found in Draytek Vigor 3900 1.5.1.3. This affects the function packet_monitor of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-51301. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been rated as critical. Affected by this issue is the function get_rrd of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-51300. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been declared as critical. Affected by this vulnerability is the function dumpSyslog of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51299. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been classified as critical. Affected is the function doGRETunnel of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-51298. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3 and classified as critical. This issue affects the function pingtrace of the file mainfunction.cgi. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-51296. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Draytek Vigor 3900 1.5.1.3 and classified as critical. This vulnerability affects the function ldap_search_dn of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability was named CVE-2024-51304. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Eclipse Mosquitto up to 2.0.18. This affects an unknown part of the component PUBLISH Packet Handler. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-3935. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Eclipse Mosquitto up to 2.0.18. Affected by this issue is the function on_subscribe of the component SUBACK Packet Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-10525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.

The holiday season is right around the corner—and consumer trends continue to show that spending during holiday shopping periods is higher than at any other time of year. With this increased spending comes the heightened need for reliable banking services. From credit card and debit card authorizations to deposits and...

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-10349. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10348. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.