Aggregator

A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems.  The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high severity. The flaw stems from the deserialization of untrusted data in Web Deploy, classified under […]

The post Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Skydweller готов сражаться за родину.

A vulnerability, which was classified as critical, has been found in Wachipi WP Events Calendar Plugin 1.0 on WordPress. This vulnerability affects unknown code of the file event.php. The manipulation of the argument event_id as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-5315. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SnapCreek Duplicator Plugin 1.2.32 on Windows. It has been rated as problematic. Affected is an unknown function of the file installer/build/view.step4.php. The manipulation of the argument json as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-7543. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in Contact Form 7 to Database Extension Plugin 2.10.32 on WordPress. This affects an unknown part of the file ExportToCsvUtf8.php. The manipulation as part of Spreadsheet leads to improper input validation. This vulnerability is uniquely identified as CVE-2018-9035. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Caldera Forms Plugin up to 1.5.x on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2018-7747. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordPress Comments Import and Export up to 2.0.3 on WordPress. It has been rated as critical. Affected is an unknown function. The manipulation leads to injection. This vulnerability is traded as CVE-2018-11526. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Booking Calendar Plugin 8.4.3 on WordPress. This vulnerability affects unknown code. The manipulation of the argument booking_id as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-20556. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in 99 Robots WP Background Takeover Advertisements Plugin up to 4.1.4 on WordPress. Affected by this vulnerability is an unknown functionality of the file exports/download.php. The manipulation of the argument filename with the input .. as part of Parameter leads to path traversal. This vulnerability is known as CVE-2018-9118. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. This vulnerability was named CVE-2025-8937. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability categorized as problematic has been discovered in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The identification of this vulnerability is CVE-2025-8933. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. This vulnerability is traded as CVE-2025-8934. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-8935. The attack can be launched remotely. Furthermore, there is an exploit available.

Creator, Author and Presenter: Erin Barry

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Round And Around We Go: Interviews, What Do You Know? appeared first on Security Boulevard.

为了更好地培养学生掌握先进的数据挖掘与分析方法，锻炼学生敏锐的情报洞察力，为将来投身于开源情报领域的工作奠定坚实的基础。特举办“第三届全国大学生开源情报数据采集与分析大赛”。

以色列的情报机构。

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from legitimate voicemail services. These emails contain spoofed sender information and feature prominent “Listen to Voicemail” […]

The post New Gmail Phishing Attack With Weaponized Login Flow Steals Credentials appeared first on Cyber Security News.

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. [...]

Microsoft recently revealed that it's currently enhancing protection against dangerous file types and malicious URLs in Teams chats and channels. [...]