Aggregator

A vulnerability, which was classified as critical, was found in SpeedTech PHP Library. This affects an unknown part of the file stphpbtnimage.php. The manipulation of the argument STPHPLIB_DIR leads to code injection. This vulnerability is uniquely identified as CVE-2007-4737. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

USP Establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script) Feature This Go program establishes persistence on a Linux system by...

The post USP: Establishes persistence on a Linux system appeared first on Penetration Testing Tools.

Lil Pwny Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users’ passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The usernames...

The post Lil Pwny: auditing Active Directory passwords using Python appeared first on Penetration Testing Tools.

The lunar script generates a scored audit report of a Unix host’s security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in...

The post lunar: UNIX security auditing tool appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in Oracle MySQL Server up to 5.5.19. This issue affects the function acl_get of the file sql/sql_acl.cc. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2012-5611. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Flash Player. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4249. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

It's North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.

A vulnerability was found in TuS 1947 Radis 1. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7367. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as problematic has been found in Cisco IOS XE. This affects an unknown part of the component ACL. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2024-20510. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco IOS and IOS XE. This vulnerability affects unknown code of the component Resource Reservation Protocol. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-20433. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XE 17.11.99SW/17.12.1/17.12.1a and classified as critical. Affected by this issue is some unknown functionality of the component IPv4 Fragmentation Handler. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2024-20467. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

California's attempt to regulate deepfakes in political advertising through AB 2839 has sparked debate on free speech and election integrity. The legislation faces challenges in implementation, technological limitations, and platform responsibilities, highlighting complexities of governing AI.

The post California’s Deepfake Regulation: Navigating the Minefield of AI, Free Speech, and Election Integrity appeared first on Security Boulevard.

San Francisco, United States / California, October 3rd, 2024, CyberNewsWireDoppler, t

Security Boulevard The Home of the Security Bloggers Network

E' stato pubblicato il Recepimento Direttiva (UE) 2022/2555, detta NIS 2 (D. Lgs. 4 settembre 2024,

The Global Bot Security Report is out and the results are in: Health, Luxury, and E-Commerce are the least protected industries against simple bot attacks. Learn how your industry measures up.

The post E-Commerce Protection Lags Behind: Insights from the 2024 Global Bot Security Report appeared first on Security Boulevard.

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bugOver 4,000 unpatc

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]

Singapore, Singapore, October 3rd, 2024, CyberNewsWireAt DEF CON 32, the SquareX research team de