Aggregator

A vulnerability was found in Novell File Reporter 1.0.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file NFRAgent.exe. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2012-4958. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Novell File Reporter 1.0.2. It has been classified as problematic. Affected is an unknown function of the file NFRAgent.exe. The manipulation leads to path traversal. This vulnerability is listed as CVE-2012-4957. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in NetMechanica NetDecision 4.5.1. It has been classified as problematic. This issue affects some unknown processing of the component Installation. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2012-1464. The attack can be initiated remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Novell NetIQ 2.3.0/2.3.1. This affects the function ldapagnt_eval in the library ldapagnt.dll of the file unifid.exe of the component Privileged User Manager. The manipulation as part of Perl Code results in code injection. This vulnerability was named CVE-2012-5932. The attack may be performed from remote. In addition, an exploit is available. It is advisable to upgrade the affected component.

Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses a critical attack vector, effectively handing adversaries the keys to an organization’s cloud environment. During a recent cybersecurity assessment by Resecurity’s HUNTER Team, researchers discovered that a publicly accessible appsettings.json file had exposed the ClientId and ClientSecret of an Azure AD application, […]

The post Azure AD Vulnerability Leaks Credentials, Lets Attackers Deploy Malicious Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a novel twist on the year-long trend of ClickFix scams, threat actors have blended human-verification social engineering with the Windows search protocol to deliver MetaStealer, a commodity infostealer notorious for harvesting credentials and exfiltrating sensitive files. While the attack superficially resembles classic ClickFix and FileFix techniques, its unique infection chain—from a fake AnyDesk installer […]

The post Threat Actors Exploit Windows Search in AnyDesk ClickFix Attack to Spread MetaStealer appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Экстренный план действий, когда технологии подводят, а любовь к близким требует немедленного решения.

Rovo Dev CLI 是 Atlassian 推出的命令行 AI 开发工具，支持 Claude Sonnet 4 和 GPT-5 模型，提供每日 2000 万免费 Token。支持 Windows、macOS 和 Linux 系统安装，需注册 Atlassian 账号并获取 API Key 后使用。

A vulnerability, which was classified as problematic, has been found in mrtgconfig 0.5.9. Impacted is an unknown function of the file 14all.cgi of the component Error Message Handler. This manipulation of the argument cfg causes information disclosure (Path). This vulnerability is handled as CVE-2002-1677. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Jelsoft vBulletin up to 2.2.4. The affected element is an unknown function of the file memberlist.php. Such manipulation of the argument $letterbits leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2002-1678. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in phpBB up to 2.0.1. Affected by this vulnerability is an unknown functionality of the file install.php. The manipulation of the argument phpbb_root_dir leads to improper privilege management. This vulnerability is traded as CVE-2002-1707. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in Deltascripts Php Classifieds 6.0.5. The affected element is an unknown function. The manipulation of the argument URL results in basic cross site scripting. This vulnerability is cataloged as CVE-2002-1702. The attack may be launched remotely. Furthermore, there is an exploit available.

OnionC2 is a command and control (C2) framework with communications over Tor network. It’s packed with privacy &

The post OnionC2: The New C&C Framework for Anonymous Cyber Operations appeared first on Penetration Testing Tools.

A vulnerability was found in Google Android 13.0. It has been classified as critical. This vulnerability affects the function onActivityResult of the file AvatarPickerActivity.java. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2023-20912. Local access is required to approach this attack. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability was found in Google Android 11.0/12.0/13.0. It has been classified as problematic. The impacted element is the function addPermission of the file PermissionManagerServiceImpl.java. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2023-20911. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 11.0/12.0/13.0 and classified as problematic. The affected element is the function addNetworkSuggestions of the file WifiManager.java. The manipulation results in resource consumption. This vulnerability was named CVE-2023-20910. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code.  These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security. Key Takeaways1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE.2. Affects Snapdragon 8 […]

The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.0.5/18.1.3/18.2.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-7734. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in GitLab Enterprise Edition up to 18.0.5/18.1.3/18.2.1. It has been rated as problematic. The impacted element is an unknown function of the component Merge Request Handler. Performing manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2025-8770. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments.  This vulnerability centers around the exposure of appsettings.json files containing ClientId and ClientSecret credentials, effectively handing adversaries the keys to entire Microsoft 365 tenants. The vulnerability was identified during […]

The post Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps appeared first on Cyber Security News.