Aggregator

CVE-2024-11049 | ZKTeco ZKBio Time 9.0.1 Image File /auth_files/photo/ direct request

9 months 3 weeks ago

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. This vulnerability is traded as CVE-2024-11049. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2024-9633 | GitLab Community Edition/Enterprise Edition up to 17.3.6/17.4.3/17.5.1 incorrect ownership assignment (Issue 498257)

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.3.6/17.4.3/17.5.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect ownership assignment. This vulnerability is known as CVE-2024-9633. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-50838 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request department.php d/pi cross site scripting

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability was found in Kashipara E-Learning Management System Project 1.0. It has been classified as problematic. Affected is an unknown function of the file /lms/admin/department.php of the component HTTP POST Request Handler. The manipulation of the argument d/pi leads to cross site scripting. This vulnerability is traded as CVE-2024-50838. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-50842 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request school_year.php school_year cross site scripting

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability was found in Kashipara E-Learning Management System Project 1.0 and classified as problematic. This issue affects some unknown processing of the file /lms/admin/school_year.php of the component HTTP POST Request Handler. The manipulation of the argument school_year leads to cross site scripting. The identification of this vulnerability is CVE-2024-50842. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-50841 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request calendar_of_events.php date_start/date_end/title cross site scripting

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability has been found in Kashipara E-Learning Management System Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /lms/admin/calendar_of_events.php of the component HTTP POST Request Handler. The manipulation of the argument date_start/date_end/title leads to cross site scripting. This vulnerability was named CVE-2024-50841. The attack can be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-50840 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request /lms/admin/class.php class_name cross site scripting

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability, which was classified as problematic, was found in Kashipara E-Learning Management System Project 1.0. This affects an unknown part of the file /lms/admin/class.php of the component HTTP POST Request Handler. The manipulation of the argument class_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-50840. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-50839 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request add_subject.php subject_code/title cross site scripting

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability, which was classified as problematic, has been found in Kashipara E-Learning Management System Project 1.0. Affected by this issue is some unknown functionality of the file /lms/admin/add_subject.php of the component HTTP POST Request Handler. The manipulation of the argument subject_code/title leads to cross site scripting. This vulnerability is handled as CVE-2024-50839. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-50843 | PHPGurukul User Registration & Login and User Management System /loginsystem/assets file information disclosure

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability classified as problematic was found in PHPGurukul User Registration & Login and User Management System 3.2. Affected by this vulnerability is an unknown functionality of the file /loginsystem/assets. The manipulation leads to file and directory information exposure. This vulnerability is known as CVE-2024-50843. The attack can be launched remotely. There is no exploit available.

vuldb.com

360智探手机取证分析系统发布，全球首发安卓15通用提权取证“利器”

安全客

9 months 3 weeks ago

安全客

CVE-2024-11215 | EasyPHP Web Server 14.1 SecurityManager path traversal

VulDB Recent Entries

9 months 3 weeks ago

A vulnerability classified as critical has been found in EasyPHP Web Server 14.1. Affected is an unknown function of the component SecurityManager. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-11215. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

A Beginner’s Guide to PCI DSS 4.0: Requirements 5-9

Security Boulevard

9 months 3 weeks ago

Data breaches reached a record high in the US last year, impacting over 350 million individuals. According to one estimate, financial services firms suffered the second highest total of breaches in 2023: 744. It’s not hard to imagine why. In many cases, threat actors will have been focused on targeting banks and other providers for the wealth of sensitive financial information they hold, like card data. This is exactly why the Payment Card Industry Data Security Standard (PCI DSS) was devised 20 years ago.

The post A Beginner’s Guide to PCI DSS 4.0: Requirements 5-9 appeared first on Security Boulevard.

Mirza Salihagic

CNNVD关于微软多个安全漏洞的通报

CNNVD安全动态

9 months 3 weeks ago

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞92个，影响到微软产品的其他厂商漏洞1个。

Emmenhtal Loader 提供 Lumma 和其他恶意软件的隐蔽策略

安全客

9 months 3 weeks ago

安全客

Why Open-Source CIAM Solutions Are Essential for Data Security and Privacy

Security Boulevard

9 months 3 weeks ago

Businesses face mounting cyber threats and data breaches from third-party vendors. Open-source CIAM solutions offer a secure, transparent alternative for customer identity management. Discover how these solutions provide enhanced security, complete data control, and cost-effective scalability.

The post Why Open-Source CIAM Solutions Are Essential for Data Security and Privacy appeared first on Security Boulevard.

Deepak Gupta - Tech Entrepreneur, Cybersecurity Author

IntelBroker Has Allegedly Leaked the Data of Colicom

Dark Web Informer - Cyber Threat Intelligence

9 months 3 weeks ago

IntelBroker Has Allegedly Leaked the Data of Colicom

Dark Web Informer

意大利出人意料的成为间谍软件的主要供应国

Solidot

9 months 3 weeks ago

2022 年 4 月，哈萨克斯坦政府暴力镇压全国抗议活动四个月后，网络安全研究人员发现当局在智能手机上部署间谍软件去窃听公民。间谍软件不是由哈萨克斯坦政府开发的，也不是来自以色列，而是来自于意大利公司 RCS Labs。根据 Wikileaks 在 2015 年公开的文件，RCS 与巴基斯坦、智利、蒙古、孟加拉国、缅甸、越南和土库曼斯坦的军方和情报机构打过交道。安全专家称，意大利有六家大型的间谍软件供应商，以及很多小型的相关企业。以色列间谍软件公司如 NSO Group 以开发先进的零点击间谍软件闻名，意大利公司则专注于廉价工具，因此不那么引人注目。因缺乏监管，意大利的间谍软件便宜且使用频率高。意大利记者 Riccardo Coluccini 称，当局最近几年执行了数千次间谍软件行动。