Aggregator

A vulnerability has been found in Wikimedia Apex Skin Extension up to 1.39.8/1.41.2/1.42.1 on Mediawiki and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-47840. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wikimedia Cargo Extension 3.6.0 on Mediawiki and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-47846. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wikimedia Cargo Extension 3.6.0 on Mediawiki. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47847. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop this tool to replicate one of the most commonly utilized process injection techniques employed in attacks, specifically process hollowing. My objective was to demonstrate how implants generated by Sliver C2 can be … More →

The post GhostStrike: Open-source tool for ethical hacking appeared first on Help Net Security.

A vulnerability classified as critical was found in 133 Flight Manager 4. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7745. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Microsoft Azure SDK for Java. It has been classified as critical. Affected is an unknown function. The manipulation leads to protection mechanism failure. This vulnerability is traded as CVE-2020-16971. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SAP Fiori App 605 and classified as problematic. Affected by this issue is some unknown functionality of the component My Overtime Requests. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-25643. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in TYPO3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component t3 Scheme Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-25120. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TYPO3. This vulnerability affects unknown code of the component Persisting File Abstraction Layer. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-25121. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 and classified as critical. Affected by this issue is some unknown functionality of the component Systems Manager Role Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-42497. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0. This vulnerability affects unknown code of the component Channel Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-43780. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-8231. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Esri Portal for ArcGIS Enterprise up to 10.8.1/10.9.1/11.1. This vulnerability affects unknown code of the component Link Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-25694. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Esri Portal for ArcGIS Enterprise Experience Builder up to 10.8.1/10.9.1/11.1. This issue affects some unknown processing of the component Link Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-25701. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Esri ArcGIS Enterprise Web App Builder up to 10.8.1/10.9.1/11.1. Affected is an unknown function of the component Link Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-25702. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Microchip TimeProvider 4100 up to 2.4.6. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation leads to open redirect. This vulnerability was named CVE-2024-43683. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Musulmanin.com 0.1. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7744. Access to the local network is required for this attack to succeed. There is no exploit available.

Amnesty International and 14 other organizations filed a complaint with France’s highest administra

In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect of organizational strategy and accountability. Many experts suggest that the NIS2 Directive has far-reaching implications beyond IT security. Could you expand on the specific non-technical requirements that companies must be aware of? The NIS2 Directive … More →

The post How NIS2 will impact sectors from healthcare to energy appeared first on Help Net Security.