Aggregator
CVE-2024-8940 | Scriptcase 9.4.019 POST Request unrestricted upload
1 year ago
A vulnerability has been found in Scriptcase 9.4.019 and classified as very critical. Affected by this vulnerability is an unknown functionality in the library /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ of the component POST Request Handler. The manipulation leads to unrestricted upload.
This vulnerability is known as CVE-2024-8940. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-43693 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE POST Request command injection (icsa-24-268-04)
1 year ago
A vulnerability was found in Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE and ProGauge MAGLINK LX4 CONSOLE. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component POST Request Handler. The manipulation leads to command injection.
This vulnerability is known as CVE-2024-43693. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6592 | WatchGuard Authentication Gateway/Single Sign-On Client authorization (wgsa-2024-00014)
1 year ago
A vulnerability was found in WatchGuard Authentication Gateway and Single Sign-On Client and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to incorrect authorization.
This vulnerability is handled as CVE-2024-6592. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-6512 | Devolutions Server up to 2024.2.10.0 PAM Access Request authorization (DEVO-2024-0013)
1 year ago
A vulnerability has been found in Devolutions Server up to 2024.2.10.0 and classified as problematic. This vulnerability affects unknown code of the component PAM Access Request Handler. The manipulation leads to incorrect authorization.
This vulnerability was named CVE-2024-6512. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-45613 | CKeditor5 up to 43.1.0 Clipboard Package cross site scripting (GHSA-rgg8-g5x8-wr9v)
1 year ago
A vulnerability was found in CKeditor5 up to 43.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Clipboard Package. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-45613. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8887 | CIRCUTOR Q-SMT 1.0.4 improper validation of specified quantity in input
1 year ago
A vulnerability classified as critical was found in CIRCUTOR Q-SMT 1.0.4. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper validation of specified quantity in input.
This vulnerability is known as CVE-2024-8887. The attack can be launched remotely. There is no exploit available.
vuldb.com
Eliminating Memory Safety Vulnerabilities at the Source
1 year ago
Edward Fernandez
Ransomware attack forces UMC Health System to divert some patients
1 year ago
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. [...]
Bill Toulas
Cyberattackers Use HR Targets to Lay More_Eggs Backdoor
1 year ago
The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.
Elizabeth Montalbano, Contributing Writer
CVE-2024-7855 | WP Hotel Booking Plugin up to 2.1.2 on WordPress unrestricted upload
1 year ago
A vulnerability classified as critical has been found in WP Hotel Booking Plugin up to 2.1.2 on WordPress. This affects an unknown part. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-7855. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CISA and FBI Issue Alert on XSS Vulnerabilities
1 year ago
Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software lands
Randall Munroe’s XKCD ‘Beamsplitters’
1 year ago
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Beamsplitters’ appeared first on Security Boulevard.
Marc Handelman
Chroming: a deadly TikTok trend is capturing teenagers' minds
1 year ago
Has a new form of inhalant abuse swept the internet?
CRTO Review – Red Team Ops 2024
1 year ago
Good afternoon, everyone. As is well known, my posts are direct, concise but informative. (Almost) nobody...
Victor Capatina
Image Splitter: free online image splitting tool
1 year ago
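What is Image Splitter: Image Splitter is a free online image splitting tool, suited to uses such as social media and web design. Users can upload an image, choose a splitting method,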
Cookie-share: a cookie sharing and management tool that enables account sharing without logging in
1 year ago
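Cookie-share is a cookie sharing and management tool based on a Chrome/Edge extension that enables account sharing without logging in, allowing users on different devices or browsers to send and receive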
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition
1 year ago
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition."
"This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in
The Hacker News
Quickly create and run optimized Windows, macOS and Linux virtual machines
1 year ago
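Introduction: Quickemu is a wrapper for the excellent QEMU that automatically "does the right thing" when creating virtual machines. No exhaustive configuration options are needed. You decide which operating system you want to run, and Quick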
Evil Corp hit with new sanctions, BitPaymer ransomware charges
1 year ago
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. [...]
Lawrence Abrams