Aggregator
Hackers have sights set on four Microsoft vulnerabilities, CISA warns
1 year 9 months ago
Federal civilian agencies across the U.S. government have until the end of the month to fix four ke
CVE-2024-7585 | Tenda i22 1.0.0.3(4687) /goform/apPortalAuth formApPortalWebAuth webUserName/webUserPassword buffer overflow
1 year 9 months ago
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow.
This vulnerability is known as CVE-2024-7585. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-42034 | Huawei HarmonyOS/EMUI Account Module logic error
1 year 9 months ago
A vulnerability was found in Huawei HarmonyOS and EMUI. It has been declared as problematic. This vulnerability affects unknown code of the component Account Module. The manipulation leads to business logic errors.
This vulnerability was named CVE-2024-42034. An attack has to be approached locally. There is no exploit available.
vuldb.com
CVE-2024-42035 | Huawei HarmonyOS/EMUI App Multiplier Module access control
1 year 9 months ago
A vulnerability, which was classified as critical, has been found in Huawei HarmonyOS and EMUI. Affected by this issue is some unknown functionality of the component App Multiplier Module. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2024-42035. The attack needs to be approached locally. There is no exploit available.
vuldb.com
CVE-2024-0104 | NVIDIA Mellanox OS/ONYX/Skyway/MetroX-3 XC/MetroX-2 LDAP AAA Component access control
1 year 9 months ago
A vulnerability has been found in NVIDIA Mellanox OS, ONYX, Skyway, MetroX-3 XC and MetroX-2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LDAP AAA Component. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2024-0104. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-0115 | NVIDIA CV-CUDA 0.1.x - v0.9.x on Ubuntu Python API resource consumption
1 year 9 months ago
A vulnerability was found in NVIDIA CV-CUDA 0.1.x - v0.9.x on Ubuntu. It has been classified as problematic. This affects an unknown part of the component Python API. The manipulation leads to resource consumption.
This vulnerability is uniquely identified as CVE-2024-0115. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com
CVE-2024-0113 | NVIDIA Mellanox OS/Skyway/MetroX-3 XC/MetroX-2 URI path traversal
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in NVIDIA Mellanox OS, Skyway, MetroX-3 XC and MetroX-2. Affected by this issue is some unknown functionality of the component URI Handler. The manipulation leads to path traversal: '.../...//'.
This vulnerability is handled as CVE-2024-0113. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-41732 | SAP NetWeaver Application Server ABAP 755/756/757/758 CSS code injection
1 year 9 months ago
A vulnerability, which was classified as critical, was found in SAP NetWeaver Application Server ABAP 755/756/757/758. Affected is an unknown function of the component CSS Handler. The manipulation leads to code injection.
This vulnerability is traded as CVE-2024-41732. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-28799 | IBM QRadar Suite Software/Cloud Pak for Security Back-End Command invocation of process using visible sensitive information (XFDB-287173)
1 year 9 months ago
A vulnerability was found in IBM QRadar Suite Software and Cloud Pak for Security. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Back-End Command Handler. The manipulation leads to invocation of process using visible sensitive information.
This vulnerability is handled as CVE-2024-28799. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-27267 | IBM SDK/Java Technology Edition up to 7.1.5.18/8.0.8.26 Object Request Broker channel accessible (XFDB-284573)
1 year 9 months ago
A vulnerability classified as critical has been found in IBM SDK and Java Technology Edition up to 7.1.5.18/8.0.8.26. This affects an unknown part of the component Object Request Broker. The manipulation leads to channel accessible by non-endpoint.
This vulnerability is uniquely identified as CVE-2024-27267. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-50315 | IBM WebSphere Application Server 8.5/9.0 certificate validation (XFDB-274714)
1 year 9 months ago
A vulnerability has been found in IBM WebSphere Application Server 8.5/9.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation.
This vulnerability is known as CVE-2023-50315. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
UnDisruptable27 Project Wants to Shore Up Critical Infrastructure Security
1 year 9 months ago
The Institute for Security and Technology's UnDisruptable27 project connects technology firms with the public sector to strengthen US cyber defenses in case of attacks on critical infrastructure.
Jennifer Lawinski, Contributing Writer
CVE-2014-1990 | Toshibatec E-studio-232 Change Password cross-site request forgery (EDB-29570)
1 year 9 months ago
A vulnerability was found in Toshibatec E-studio-232. It has been declared as critical. This vulnerability affects unknown code of the component Change Password. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2014-1990. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
WordPress.org to require 2FA for plugin developers by October
1 year 9 months ago
error code: 1106
Adobe fixes Acrobat Reader zero-day with public PoC exploit
1 year 9 months ago
error code: 1106
针对程序猿的新型骗局,黑客借招聘Python传播恶意软件
1 year 9 months ago
这些代码通常会伪装成编码技能测试或密码管理器应用程序,代码附带的 README 文件包含诱骗受害者执行恶意软件的说明。
Invoke-Maldaptive: LDAP Obfuscation, Deobfuscation & Detection
1 year 9 months ago
MaLDAPtive MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Its foundation is a 100% custom-built C# LDAP parser that handles tokenization and syntax tree parsing along with numerous custom properties...
The post Invoke-Maldaptive: LDAP Obfuscation, Deobfuscation & Detection appeared first on Penetration Testing Tools.
ddos
DFIR Toolkit: CLI tools for forensic investigation of Windows artifacts
1 year 9 months ago
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile Example evtxanalyze Analyze evtx...
The post DFIR Toolkit: CLI tools for forensic investigation of Windows artifacts appeared first on Penetration Testing Tools.
ddos
CVE-2018-5247 | ImageMagick 7.0.7-17 Q16 coders/rla.c ReadRLAImage resource management (Issue 928 / Nessus ID 106221)
1 year 9 months ago
A vulnerability, which was classified as problematic, was found in ImageMagick 7.0.7-17 Q16. Affected is the function ReadRLAImage of the file coders/rla.c. The manipulation leads to improper resource management.
This vulnerability is traded as CVE-2018-5247. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com