Aggregator

TLDRify – 标记网页内特定文字内容，并转换为短链接

A vulnerability, which was classified as problematic, was found in Owen Cutajar & Hyder Jaffari Auction Plugin up to 3.7 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-54207. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in thorsten phpMyFAQ up to 3.x. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through error message. This vulnerability is handled as CVE-2024-54141. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

LulzSec Black Defaced the Website of Flame Corner

A vulnerability classified as problematic was found in WpMaspik Maspik Plugin up to 2.2.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-53806. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in brandtoss WP Mailster Plugin up to 1.8.16.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-53805. It is possible to launch the attack remotely. There is no exploit available.

备份、恢复和数据管理解决方案的著名提供商 Veeam Software 发布了一个安全更新，以解决其 Veeam Backup & Replication 软件中的多个漏洞。这些漏洞有可能使经过验证的攻击者执行恶意代码，未经授权访问敏感信息，并破坏连接系统的完整性。 其中最严重的漏洞 CVE-2024-40717 的 CVSS v3.1 得分为 8.8，表示严重程度较高。该漏洞可使攻击者以提升的权限执行任意代码，从而可能导致整个系统被入侵。此更新解决的其他漏洞包括： CVE-2024-42451： 允許存取以人類可讀格式儲存的憑證。 CVE-2024-42452：允許以提升的權限遠端上載檔案至連接的 ESXi 主機。 CVE-2024-42453: 允許控制和修改連接的虛擬基礎結構主機。 CVE-2024-42455: 助長不安全的反序列化，可能導致檔案刪除。 CVE-2024-42456： 授予访问特权方法和控制关键服务的权限。 CVE-2024-42457：通过远程管理界面暴露已保存的凭证。 CVE-2024-45204： 利用凭证处理权限不足，可能导致 NTLM 哈希值泄漏。 另一个漏洞 CVE-2024-45207 影响 Microsoft Windows 的 Veeam Agent。当未受信任用户可写的目录被添加到 PATH 环境变量时，利用该漏洞可实现 DLL 注入。虽然默认的 Windows PATH 不包括此类目录，但在错误配置的环境中，风险仍然很大。 Veeam 已在 Veeam Backup & Replication 12.3（构建 12.3.0.310）和 Veeam Agent for Microsoft Windows 6.3（构建 6.3.0.177）中修复了这些漏洞，并敦促所有用户立即升级到该版本。作为临时缓解措施，Veeam 建议从备份服务器上的 “用户和角色 ”设置中删除任何不受信任或不必要的用户。 强烈建议依赖 Veeam Backup & Replication 的组织立即采取行动，保护其关键数据和基础设施。     转自安全客，原文链接：https://www.anquanke.com/post/id/302459 封面来源于网络，如有侵权请联系删除

A Threat Actor Allegedly Leaked the 2022 Lebanon General Election Voter Data

A vulnerability was found in Najeeb Ahmad Simple User Registration Plugin up to 5.5 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-53810. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Basix NEX-Forms Plugin up to 8.7.8 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-53808. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in zionbuilder Page Builder Plugin up to 3.6.12 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-54213. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in averta Slider & Popup Builder Plugin up to 3.2.1 on WordPress and classified as problematic. Affected by this issue is the function addExtraMimeType. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-4633. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Pinpoint.World Pinpoint Booking System Plugin up to 2.9.9.5.1 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-53815. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in brandtoss WP Mailster Plugin up to 1.8.16.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-53803. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in brandtoss WP Mailster Plugin up to 1.8.16.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to insertion of sensitive information into sent data. This vulnerability was named CVE-2024-53804. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in brandtoss WP Mailster Plugin up to 1.8.16.0 on WordPress. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-53807. The attack may be initiated remotely. There is no exploit available.

据Cyber Security News消息，臭名昭著的勒索软件组织 Brain Cipher 近日声称入侵了世界四大会计师事务所之一德勤，并从中窃取了1TB的压缩数据。 Brain Cipher是一家成立于 2024 年 6 月的新型勒索软件组织，因对全球组织的网络攻击而迅速”走红“。在针对印度尼西亚的攻击中，该组织曾让200多个政府机构的服务中断。 根据Brain Cipher 发出的声明，这次攻击暴露了德勤英国公司网络安全基础设施中的关键漏洞。他们计划发布有关此次数据窃取的详细信息，包括德勤涉嫌违反安全协议的证据、德勤与客户的合同协议、有关公司监控系统和安全工具的详细信息以及一些数据样例。 Brain Cipher 要求对方在 2024 年 12 月 15 日前做出回应。据悉，该组织已邀请德勤英国公司的企业代表以电子邮件的形式进行私下谈判，预示着存在支付赎金的可能。 根据 SentinelOne 的说法，Brain Cipher 针对多个关键行业和政府组织，并从事多管齐下的勒索。该组织在基于 TOR 的数据泄露网站上发布受害者，其恶意负载基于 LockBit 3.0的修改版本，网络钓鱼和鱼叉式网络钓鱼是该组织的主要初始访问媒介。 目前德勤英国公司尚未对这一事件进行官方回应，如果攻击事件属实，尤其是正如Brain Cipher 在声明中称”大公司并不总是能很好地完成他们的工作“（指未能尽到网络安全职责），其后果不仅将泄露机密商业信息、客户数据和财务记录，同时将对公司的专业声誉和客户关系带来巨大的负面影响。     转自Freebuf，原文链接：https://www.freebuf.com/news/417056.html 封面来源于网络，如有侵权请联系删除  

气温升高加剧物种灭绝风险

A vulnerability classified as critical has been found in Siemens syngo.plaza VB30E. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-52335. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Bakkbone Australia FloristPress Plugin up to 7.3.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-53799. The attack may be launched remotely. There is no exploit available.