Aggregator

A vulnerability was found in PHP Director up to 0.21. It has been rated as critical. This issue affects some unknown processing of the file videos.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2007-3562. The attack may be initiated remotely. Furthermore, there is an exploit available.

ArmorCode announced the expansion of its platform with the launch of two new modules for Penetration Testing Management and Exceptions Management. Alongside AI-powered Correlation and Remediation, these modules further advance ArmorCode’s leading platform capabilities to reduce the time, effort, and cost of addressing the riskiest vulnerabilities from any source through any remediation, mitigation, or exception workflow. ArmorCode Penetration Testing Management Module Modern security teams must manage the full lifecycle of application security findings no matter … More →

The post ArmorCode unveils two modules to help reduce software-based risks appeared first on Help Net Security.

Как нажатие всего одной кнопки может привести к необратимым последствиям?

你可能错过的新鲜事微软宣布弃用面向企业的 WSUS 更新服务微软于 9 月 20 日在其官方博客上宣布，面向企业的更新服务 Windows Server Update Services（简称 WS

Cisco disclosed a critical vulnerability identified as CVE-2024-20439, affecting its Smart Licensing Utility. An independent researcher discovered this vulnerability through reverse engineering. It involves a hardcoded static password that could allow attackers to gain unauthorized access and control over affected devices. The vulnerability highlights significant security concerns for organizations using Cisco’s licensing systems. Target Application […]

The post Researcher Details Cisco Smart Licensing that Lets Attacker Control Device appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微软正式宣布停止开发 Windows Server Update Services (WSUS)，但它会继续通过 WSUS 释出更新。微软是在 8 月 13 日首次将 WSUS 列为从 Windows Server 2025 起移除或不再开发的功能之一。此前软件巨人还透露，它将很快弃用 WSUS 驱动程序同步。虽然 WSUS 新功能和开发将停止，但微软表示，它计划继续支持 WSUS 的现有功能和更新，仍然会通过 WSUS 分发功能和更新。微软的 Nir ​​Froimovici 表示，这意味着将不再投资新功能，也不接受 WSUS 的新功能请求。

A vulnerability was found in Proxmox pve-manager, libpve-storage-perl, libpve-http-server-perl, pmg-api and libpve-common-perl and classified as problematic. This issue affects the function handle_api2_request. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2024-21545. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in haibasoft Thanh Toán Quét Mã QR Code Tự Động Plugin up to 2.0.1 on WordPress and classified as problematic. This vulnerability affects the function wp_kses_allowed_html. The manipulation of the argument onclick leads to cross site scripting. This vulnerability was named CVE-2024-8914. The attack can be initiated remotely. There is no exploit available.

Apache Tomcat Connector（mod_jk）には不適切なデフォルトパーミッションの脆弱性が存在します。

A vulnerability was found in MifaShow Hairstyles 3.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6974. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Akronchildrens Care4Kids 1.03. It has been classified as critical. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6973. The attack needs to be initiated within the local network. There is no exploit available.

Цифровые войска Anonymous 64 продвигают идею свободы среди китайского населения.

A vulnerability was found in PHPDirector 0.21. It has been classified as critical. Affected is an unknown function of the file config.php. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2007-3530. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability was found in PHPDirector 0.21 and classified as critical. This issue affects some unknown processing of the file videos.php of the component Error Message Handler. The manipulation of the argument id[] leads to information disclosure. The identification of this vulnerability is CVE-2007-3529. The attack may be initiated remotely. Furthermore, there is an exploit available.

Telegram CEO Pavel Durov 表示，该公司将根据有效的法律请求向有关当局提供用户的 IP 地址和电话号码。Durov 在 Telegram 上发帖称，为阻止犯罪分子滥用该平台，它修改了服务条款。此举是在他于法国被捕不到一个月后做出的，他面临共谋传播儿童色情材料等的指控。总部位于阿联酋的 Telegram 以内容审核宽松著称，通常对各国政府的删除请求不予理睬，也经常无视犯罪嫌疑人的信息披露请求。

A vulnerability classified as critical has been found in Avscripts AV Arcade 2.1b. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2007-3563. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

error code: 1106

A vulnerability was found in Kazakhstan Radio 2.5 and classified as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6972. The attack needs to be done within the local network. There is no exploit available.

高危漏洞是网络系统可能被黑客利用以进行非法访问、数据窃取或系统破坏的严重安全缺陷。每一个操作系统、网络应用都可 […]

新闻速览 •锁定3人！国家安全部门立案侦察“台独”网军“匿名者64” •中证协发布《证券公司网络安全事件舆情处 […]