Aggregator

A vulnerability has been found in Application Dynamics Cartweaver ColdFusion up to 2.16.11 and classified as critical. This vulnerability affects unknown code of the file results.cfm. The manipulation of the argument ProdID leads to sql injection. This vulnerability was named CVE-2006-2046. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SoftExpert Excellence Suite up to 2.1.2. It has been classified as problematic. This affects an unknown part of the file /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2023-30330. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

December Zero-Day Phishing Threat Intel

WEB前端逆向拦截页面跳转

From Shopping Malls to Living Arcades: A Full-Circle Journey Into Modern Arcadism

绿盟科技威胁周报（2024.12.02-2024.12.08）

Understanding the nuances between cybersecurity products and platforms is crucial for enhancing business protections and supporting businesses anywhere.

The post Cybersecurity Products or Platforms – Which is More Effective? appeared first on Security Boulevard.

Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program

Браузер обновляет подходы к защите конфиденциальности.

Editor’s note: The current article is authored by Mostafa ElSheimy, a malware reverse engineer and threat intelligence analyst. You can find Mostafa on X and LinkedIn.  In this malware analysis report, we will delve into Nova, a newly discovered fork of the Snake Keylogger family. This variant has been observed employing even more sophisticated tactics, signaling the continued […]

The post Analysis of Nova: A Snake Keylogger Fork appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability classified as problematic has been found in Schweizerische Steuerkonferenz Library taxstatement.jar 2.2.2/2.2.4 on Windows. Affected is the function DocumentBuilder of the component PDF Handler. The manipulation leads to xml external entity reference. This vulnerability is traded as CVE-2024-8602. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in sigstore-python up to 3.5.x. This issue affects some unknown processing of the component Integration Time. The manipulation leads to missing cryptographic step. The identification of this vulnerability is CVE-2024-55655. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

[下载] Mozilla Firefox v133.0.3修复版本发布 修复部分界面没滚动条问题

 Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA). These vulnerabilities tracked as CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773, affect CSA versions 5.0.2 and earlier. Without mitigation, these flaws could allow malicious attackers to bypass authentication, execute remote code, and manipulate databases, posing significant risks to organizations relying on […]

The post Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

One of the most significant regulatory mandates on the horizon is the European Union’s Digital Operational Resilience Act (DORA).

The post Leveraging Crypto Agility to Meet DORA Requirements in Financial Services by January 2025 appeared first on Security Boulevard.

既然是个笑话那就没必要保留！火狐浏览器正在删除请勿追踪(DNT)选项

The U.S. has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. The U.S. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., faces charges for developing and testing a […]

Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild

CVE-2024-11205 наделяет пользователей неожиданной властью.