Aggregator
CVE-2005-2812 | man2web 0.87/0.88 privileges management (EDB-1194 / Nessus ID 19591)
1 year 7 months ago
A vulnerability was found in man2web 0.87/0.88. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper privilege management.
This vulnerability is handled as CVE-2005-2812. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
ESET APT Activity Report Q2 2024–Q3 2024: Key findings
1 year 7 months ago
ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report
CVE-2024-50241 | Linux Kernel up to 6.11.6 cleanup_async_copy async_copies initialization (e30a9a2f69c3/63fab04cbd0f)
1 year 7 months ago
A vulnerability has been found in Linux Kernel up to 6.11.6 and classified as critical. This vulnerability affects the function cleanup_async_copy. The manipulation of the argument async_copies leads to improper initialization.
This vulnerability was named CVE-2024-50241. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11056 | Tenda AC10 16.03.10.13 /goform/WifiExtraSet FUN_0046AC38 wpapsk_crypto stack-based overflow
1 year 7 months ago
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2024-11056. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11057 | Codezips Hospital Appointment System 1.0 /removeBranchResult.php ID/Name sql injection
1 year 7 months ago
A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection.
This vulnerability is known as CVE-2024-11057. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-10958 | WP Photo Album Plus Plugin up to 8.8.08.007 on WordPress Shortcode getshortcodedrenderedfenodelay code injection
1 year 7 months ago
A vulnerability was found in WP Photo Album Plus Plugin up to 8.8.08.007 on WordPress and classified as critical. Affected by this issue is the function getshortcodedrenderedfenodelay of the component Shortcode Handler. The manipulation leads to code injection.
This vulnerability is handled as CVE-2024-10958. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-11055 | 1000 Projects Beauty Parlour Management System 1.0 /admin/admin-profile.php adminname sql injection
1 year 7 months ago
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection.
The identification of this vulnerability is CVE-2024-11055. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
ChatGPT allows access to underlying sandbox OS, “playbook” data
1 year 7 months ago
OpenAI's containerized ChatGPT environment is open to limited yet extensive access to core instructions while allowing arbitrary file uploads and command execution within the isolated sandbox. [...]
Bill Toulas
DEF CON 32 – Redefining V2G: How To Use Your Vehicle As Game Controller
1 year 7 months ago
Authors/Presenters: Timm Lauser, Jannis Hamborg
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Redefining V2G: How To Use Your Vehicle As Game Controller appeared first on Security Boulevard.
Marc Handelman
SecWiki News 2024-11-14 Review
1 year 7 months ago
abcde: openHarmony逆向工具包 by ourren
大模型软件生态系统的安全隐患:从传统漏洞到新型威胁 by ourren
web-chains: Web 版 Java Payload 生成与漏洞利用工具 by ourren
sshd后门自动化检测 by ourren
终端对抗防御逃逸-内存免杀 by ourren
Vigor3900 固件仿真及漏洞分析(CVE-2024-44844、CVE-2024-44845) by ourren
2018-2023年度NSFC人工智能学科人才项目申请及资助综述 by ourren
更多最新文章,请访问SecWiki
大模型软件生态系统的安全隐患:从传统漏洞到新型威胁 by ourren
web-chains: Web 版 Java Payload 生成与漏洞利用工具 by ourren
sshd后门自动化检测 by ourren
终端对抗防御逃逸-内存免杀 by ourren
Vigor3900 固件仿真及漏洞分析(CVE-2024-44844、CVE-2024-44845) by ourren
2018-2023年度NSFC人工智能学科人才项目申请及资助综述 by ourren
更多最新文章,请访问SecWiki
URL跳转最全总结
1 year 7 months ago
洋葱新闻拍下了 InfoWars
1 year 7 months ago
美国最好的新闻来源洋葱新闻(The Onion)拍下了美国最知名的阴谋论网站 InfoWars。InfoWars 创始人 Alex Jones 因宣称发生在 2012 年的 Sandy Hook 小学枪击案是一场骗局而被受害者家属提起诉讼,2022 年他被勒令向受害者家属赔偿近 15 亿美元,而 Jones 在当年申请了破产,法官同意清算其资产以支付赔偿金。本周三 InfoWars 拍卖所得将支付给受害者家属。洋葱新闻没有披露它的出价,它声明将重建网站,停止出售维生素和补充剂。
A Threat Actor Allegedly Leaked Data of the UK Parliament
1 year 7 months ago
A Threat Actor Allegedly Leaked Data of the UK Parliament
Dark Web Informer
CVE-2024-52302 | OsamaTaher Java-springboot-codebase profile-picture unrestricted upload
1 year 7 months ago
A vulnerability, which was classified as critical, has been found in OsamaTaher Java-springboot-codebase. This issue affects some unknown processing of the file /api/v1/customer/profile-picture. The manipulation leads to unrestricted upload.
The identification of this vulnerability is CVE-2024-52302. The attack may be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-7124 | Poznan Supercomputing and Networking Center DInGO dLIbra up to 6.3.19 indexsearch filter cross site scripting
1 year 7 months ago
A vulnerability classified as problematic was found in Poznan Supercomputing and Networking Center DInGO dLIbra up to 6.3.19. This vulnerability affects unknown code of the component indexsearch. The manipulation of the argument filter leads to cross site scripting.
This vulnerability was named CVE-2024-7124. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11136 | TCL Camera 6.00.04.0067.3.0 path traversal
1 year 7 months ago
A vulnerability classified as problematic has been found in TCL Camera 6.00.04.0067.3.0. This affects an unknown part. The manipulation leads to path traversal: '.../...//'.
This vulnerability is uniquely identified as CVE-2024-11136. An attack has to be approached locally. There is no exploit available.
vuldb.com
CVE-2024-50837 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request admin_user.php firstname/username cross site scripting
1 year 7 months ago
A vulnerability was found in Kashipara E-Learning Management System Project 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /lms/admin/admin_user.php of the component HTTP POST Request Handler. The manipulation of the argument firstname/username leads to cross site scripting.
This vulnerability is handled as CVE-2024-50837. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-11049 | ZKTeco ZKBio Time 9.0.1 Image File /auth_files/photo/ direct request
1 year 7 months ago
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request.
This vulnerability is traded as CVE-2024-11049. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-9633 | GitLab Community Edition/Enterprise Edition up to 17.3.6/17.4.3/17.5.1 incorrect ownership assignment (Issue 498257)
1 year 7 months ago
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.3.6/17.4.3/17.5.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect ownership assignment.
This vulnerability is known as CVE-2024-9633. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com