Aggregator

A vulnerability classified as critical was found in Authors List Plugin up to 2.0.4 on WordPress. This vulnerability affects the function update_authors_list_ajax of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-10952. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SG Helper Plugin up to 1.0 on WordPress. This issue affects some unknown processing of the component SVG File Upload Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11093. The attack may be initiated remotely. There is no exploit available.

ProFTPD 权限提升漏洞(CVE-2024-48651)安全风险通告

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and

A vulnerability, which was classified as problematic, was found in Keybase Command Line Client up to 2.8 on Linux. Affected is an unknown function. The manipulation as part of Search Path leads to untrusted search path. This vulnerability is traded as CVE-2018-18629. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Vodka maker Stoli says August ransomware attack contributed to bankruptcy filing

英特尔推出售价249美元的Intel Arc B系列独立显卡 性能相当于RTX 4060

A vulnerability, which was classified as critical, was found in GNU binutils 2.28. This affects an unknown part of the file opcodes/bfin-dis.c. The manipulation as part of Binary File leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-9749. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

承与继：第六代和第九代 ThinkPad X1 Carbon 纯主观札记

狂欢双12

Тестирование показало, что решения взаимодействуют корректно.

Крупнейшая криминальная сеть на €93 млн объединяла немецкоязычных преступников.

A vulnerability classified as problematic was found in Intel VirusScan Enterprise Linux up to 2.0.3. This vulnerability affects unknown code of the file NailsConfig.html. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2016-8018. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in VMTurbo Operations Manager. Affected by this vulnerability is an unknown functionality of the file vmtadmin.cgi. The manipulation of the argument fileDate leads to command injection. This vulnerability is known as CVE-2014-5073. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a privileged application programming interface (API) that may allow attackers to overwrite the Windows Registry. The API endpoint in question – NmAPI.exe – can be exploited by unauthenticated, remote attackers to change an existing registry value or … More →

The post PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) appeared first on Help Net Security.

Boundless Socratic Learning: Google DeepMind's Vision for AI That Learns Without Limits

Finding information on specific cyber threats in a vast amount of data can be challenging. Threat Intelligence Lookup from ANY.RUN simplifies this task with wildcards and operators that provide you with the ability to create flexible and precise search queries. Let’s take a look at how you can use them to identify and collect intel […]

The post Search Operators and Wildcards for Cyber Threat Investigations appeared first on ANY.RUN's Cybersecurity Blog.