Aggregator
CVE-2024-25413 | FireBear Improved Import and Export 3.8.6 XSLT injection (ID 175801 / EUVD-2024-22744)
3 months ago
A vulnerability was found in FireBear Improved Import and Export 3.8.6. It has been classified as problematic. This affects an unknown part of the component XSLT Handler. The manipulation leads to injection.
This vulnerability is uniquely identified as CVE-2024-25413. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
CVE-2024-25414 | CSZ CMS 1.3.0 ZIP File /admin/upgrade unrestricted upload (ID 175889 / EUVD-2024-22745)
3 months ago
A vulnerability, which was classified as critical, was found in CSZ CMS 1.3.0. This affects an unknown part of the file /admin/upgrade of the component ZIP File Handler. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-25414. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-25412 | Flatpress 1.3 email cross site scripting (EUVD-2024-22743)
3 months ago
A vulnerability was found in Flatpress 1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument email leads to cross site scripting.
This vulnerability is known as CVE-2024-25412. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-25376 | Thesycon TUSBAudio prior 5.68.0 Repair Mode msiexec.exe code injection (EUVD-2024-22709)
3 months ago
A vulnerability, which was classified as problematic, was found in Thesycon TUSBAudio. This affects an unknown part of the file msiexec.exe of the component Repair Mode. The manipulation leads to code injection.
This vulnerability is uniquely identified as CVE-2024-25376. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-25301 | Redaxo 5.15.1 /pages/templates.php code injection (EUVD-2024-22636)
3 months ago
A vulnerability classified as critical was found in Redaxo 5.15.1. This vulnerability affects unknown code of the file /pages/templates.php. The manipulation leads to code injection.
This vulnerability was named CVE-2024-25301. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-25302 | SourceCodester Event Student Attendance System 1.0 student sql injection (EUVD-2024-22637)
3 months ago
A vulnerability, which was classified as critical, has been found in SourceCodester Event Student Attendance System 1.0. This issue affects some unknown processing. The manipulation of the argument student leads to sql injection.
The identification of this vulnerability is CVE-2024-25302. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2024-25350 | PHPGurukul Zoo Management System 1.0 edit-ticket.php tickettype/tprice sql injection (EUVD-2024-22685)
3 months ago
A vulnerability was found in PHPGurukul Zoo Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /zms/admin/edit-ticket.php. The manipulation of the argument tickettype/tprice leads to sql injection.
This vulnerability is handled as CVE-2024-25350. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-25300 | Redaxo 5.15.1 Template Section Name cross site scripting (EUVD-2024-22635)
3 months ago
A vulnerability, which was classified as problematic, was found in Redaxo 5.15.1. Affected is an unknown function of the component Template Section. The manipulation of the argument Name leads to cross site scripting.
This vulnerability is traded as CVE-2024-25300. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
我谈不过 AI,但 AI 能替我谈 1000 次恋爱
3 months ago
不滑照片不尬聊,AI 帮你谈完恋爱再通知你出门赴约。
欧盟新规定强制要求为智能手机和平板提供五年操作系统更新
3 months ago
从 2025 年 6 月 20 日起,欧盟的新规定将强制要求制造商为智能手机和平板提供五年操作系统更新。此举旨在减少电子垃圾。欧盟的规定包括:防意外跌落或刮擦,防尘防水;电池承受至少 800 次充放电,维持八成初始电容量;设备停止在欧盟销售七年之内继续提供关键零部件;设备停产五年内提供操作系统更新;专业维修人员能不受歧视的访问更换所需的软件或固件。
Employees repeatedly fall for vendor email compromise attacks
3 months ago
In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack, according to Abnormal AI. Vendor email compromise risks increase with organization size Employees struggle to differentiate between legitimate messages and attacks, especially when those emails appear to come from a trusted vendor. Employees in the largest organizations, with workforces of 50,000 or more, had … More →
The post Employees repeatedly fall for vendor email compromise attacks appeared first on Help Net Security.
Help Net Security
Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths
3 months ago
Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA’s plans. We also discuss the broader implications for identity surveillance and who truly benefits from […]
The post Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths appeared first on Shared Security Podcast.
The post Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths appeared first on Security Boulevard.
Tom Eston
新的PumaBot僵尸网络暴力破解SSH凭据以破坏设备
3 months ago
一种新发现的基于Go的Linux僵尸网络恶意软件名为PumaBot,它通过暴力破解嵌入式物联网设备上的SSH凭证来部署恶意负载。
PumaBot 的针对性也体现在它根据从命令和控制 (C2) 服务器获取的列表针对特定的 IP 地址,而不是对互联网进行广泛的扫描。
瞄准监控摄像头
Darktrace在一份报告中记录了PumaBot,该报告概述了僵尸网络的攻击流程、入侵指标(IoCs)和检测规则。恶意软件从其C2 (ssh.ddos-cc.org)接收目标ip列表,并试图在端口22上执行暴力登录尝试以开放SSH访问。在这个过程中,它会检查“Pumatronix”字符串的存在,这可能与供应商的监控和交通摄像头系统的目标相对应。
一旦目标被建立,恶意软件就会接收凭证来针对它们进行测试。如果成功,它运行‘uname -a’来获取环境信息并验证目标设备不是蜜罐。
接下来,它将它的主二进制文件(jierui)写入/lib/redis,并安装一个systemd服务(redis.service),以确保设备重启时的持久性。
最后,它将自己的SSH注入到“authorized_keys”文件中以保持访问,即使在清除了主要感染的情况下也是如此。
当感染处于活跃状态时,PumaBot可以接收命令,试图窃取数据,引入新的有效载荷,或窃取横向移动中有用的数据。
Darktrace看到的有效负载示例包括自我更新脚本、PAM rootkit(替换合法的“pam_unix”)。所以'和daemons(二进制文件“1”)。
恶意PAM模块获取本地和远程SSH登录详细信息,并将其存储在一个文本文件(con.txt)中。“监视者”二进制文件(1)不断查找该文本文件,然后将其泄露到C2。
在文本文件上写入凭据
在泄漏之后,文本文件将从受感染的主机上擦除,以删除恶意活动的任何痕迹。PumaBot的规模和成功概率目前尚不清楚,也没有资料提到目标IP列表有多广泛。
这种新型僵尸网络恶意软件的特别之处在于,它不是直接利用受感染的物联网进行分布式拒绝服务(DoS)攻击或代理网络等低级网络犯罪,而是发起有针对性的攻击,从而为企业网络的深入渗透开辟了道路。
为了防御僵尸网络威胁,建议将物联网升级到最新可用的固件版本,更改默认凭据,将它们置于防火墙之后,并将它们与有价值的系统隔离在单独的网络中。
胡金鱼
CVE-2007-1498 | McAfee ProtectionPilot 1.1.1/1.5.0 Management Console sitemanager.dll swprintf stack-based overflow (VU#714593 / Nessus ID 24814)
3 months ago
A vulnerability classified as very critical has been found in McAfee ProtectionPilot 1.1.1/1.5.0. Affected is the function swprintf in the library sitemanager.dll of the component Management Console. The manipulation leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2007-1498. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2007-1591 | Trend Micro Norton AntiVirus UPX denial of service (Nessus ID 24815 / ID 115528)
3 months ago
A vulnerability classified as critical was found in Trend Micro Norton AntiVirus. This vulnerability affects unknown code of the component UPX Handler. The manipulation leads to denial of service.
This vulnerability was named CVE-2007-1591. The attack needs to be approached locally. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2007-1608 | IBM WebSphere Application Server 6.0.x HTTP Response cross site scripting (Nessus ID 45416 / ID 87056)
3 months ago
A vulnerability was found in IBM WebSphere Application Server 6.0.x. It has been classified as problematic. This affects an unknown part of the component HTTP Response Handler. The manipulation leads to basic cross site scripting.
This vulnerability is uniquely identified as CVE-2007-1608. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2007-1560 | Squid Proxy up to 2.6.STABLE11 TRACE Request denial of service (Nessus ID 67467 / ID 156086)
3 months ago
A vulnerability was found in Squid Proxy up to 2.6.STABLE11. It has been rated as problematic. This issue affects some unknown processing of the component TRACE Request Handler. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2007-1560. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2008-3370 | EMC Centera Universal Access 4.0 4735 Login sql injection (EDB-32113 / XFDB-43981)
3 months ago
A vulnerability has been found in EMC Centera Universal Access 4.0 4735 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation leads to sql injection.
This vulnerability is known as CVE-2008-3370. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2013-4679 | Symantec Workspace Virtualization 6.4.1895.0 fslx.sys NtQueryValueKey ResultLength memory corruption (EDB-26950 / Nessus ID 72219)
3 months ago
A vulnerability was found in Symantec Workspace Virtualization 6.4.1895.0. It has been classified as critical. Affected is the function NtQueryValueKey of the file fslx.sys. The manipulation of the argument ResultLength leads to memory corruption.
This vulnerability is traded as CVE-2013-4679. Local access is required to approach this attack. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com