Aggregator
CVE-2024-42019 | Veeam ONE up to 12.1.0.3208 Reporter Service information disclosure (kb4649)
1 year 9 months ago
A vulnerability was found in Veeam ONE up to 12.1.0.3208. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component Reporter Service. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2024-42019. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8559 | SourceCodester Online Food Menu 1.0 delete-menu.php menu sql injection
1 year 9 months ago
A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection.
The identification of this vulnerability is CVE-2024-8559. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8560 | SourceCodester Simple Invoice Generator System 1.0 /save_invoice.php sql injection
1 year 9 months ago
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /save_invoice.php. The manipulation of the argument invoice_code/customer/cashier/total_amount/discount_percentage/discount_amount/tendered_amount leads to sql injection.
This vulnerability is traded as CVE-2024-8560. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8561 | SourceCodester PHP CRUD 1.0 Delete Person /endpoint/delete.php person sql injection
1 year 9 months ago
A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection.
This vulnerability is known as CVE-2024-8561. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8562 | SourceCodester PHP CRUD 1.0 /endpoint/Add.php first_name/middle_name/last_name cross site scripting
1 year 9 months ago
A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting.
This vulnerability is handled as CVE-2024-8562. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8563 | SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name cross site scripting
1 year 9 months ago
A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument first_name/middle_name/last_name leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-8563. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8564 | SourceCodester PHP CRUD 1.0 /endpoint/update.php tbl_person_id/first_name/middle_name/last_name sql injection
1 year 9 months ago
A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to sql injection.
This vulnerability was named CVE-2024-8564. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8565 | SourceCodesters Clinics Patient Management System 2.0 /print_diseases.php disease/from/to sql injection
1 year 9 months ago
A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /print_diseases.php. The manipulation of the argument disease/from/to leads to sql injection.
The identification of this vulnerability is CVE-2024-8565. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
2023 CNVD Outstanding Organizations (Individuals) Commendation List
1 year 9 months ago
To motivate and guide organizations and individuals to collaborate and contribute actively, further consolidate domestic cybersecurity technical strength, and jointly improve cybersecurity capabilities, CNVD has completed the 2023 capability evaluation of its technical group supporting organizations in accordance with the "National Information Security Vulnerability Sharing Platform (CNVD) Supporting Organization Capability Evaluation" measures.
CVE-2017-13688 | tcpdump up to 4.9.1 OLSR Parser print-olsr.c olsr_print memory corruption (Nessus ID 103257 / ID 370625)
1 year 9 months ago
A vulnerability has been found in tcpdump up to 4.9.1 and classified as critical. This vulnerability affects the function olsr_print of the file print-olsr.c of the component OLSR Parser. The manipulation leads to memory corruption.
This vulnerability was named CVE-2017-13688. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
“Unstripping” binaries: Restoring debugging information in GDB with Pwndbg
1 year 9 months ago
CIS Benchmarks September 2024 Update
1 year 9 months ago
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for September 2024.
CVE-2017-13687 | Apple macOS up to 10.13.1 tcpdump memory corruption (HT208221 / Nessus ID 100472)
1 year 9 months ago
A vulnerability was found in Apple macOS up to 10.13.1 and classified as very critical. This issue affects some unknown processing of the component tcpdump. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2017-13687. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Darth Vader voice actor James Earl Jones dies at 93
1 year 9 months ago
James Earl Jones, the voice of Darth Vader, died on Monday at the age of 93. Jones was one of the few performers to have won an Emmy, a Grammy, an Oscar and a Tony, although his Oscar was an honorary award. He was hailed as one of the greatest stage and screen actors. His film debut was in Kubrick's 1964 film Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb; he voiced Mufasa in both the animated and the CGI versions of The Lion King; and his best-known role was voicing Darth Vader in the Star Wars series. In 2022 he signed an agreement with Lucasfilm authorizing the use of his voice to synthesize Darth Vader's voice in future Star Wars films and series.
CVE-2018-11523 | NUUO NVRmini 2 File Upload upload.php PHP File unrestricted upload (EDB-44794 / ID 13308)
1 year 9 months ago
A vulnerability has been found in NUUO NVRmini 2 and classified as critical. This vulnerability affects unknown code of the file upload.php of the component File Upload. The manipulation as part of PHP File leads to unrestricted upload.
This vulnerability was named CVE-2018-11523. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
US AI healthcare company's server misconfiguration exposes 5.3TB of mental health records
1 year 9 months ago
The US AI healthcare company Confidant Health misconfigured a server and exposed 5.3TB of sensitive mental health records, including personal information, assessments and medical information, posing a serious privacy risk to patients. The incident stems from the discovery by Jeremiah Fowler, senior cybersecurity researcher at vpnMentor, of a misconfigured server with no password protection that contained confidential records from Confidant Health. On September 6, Jeremiah Fowler disclosed the finding in a blog post. Confidant Health is a Texas-based AI platform providing mental health and addiction treatment services to residents of Connecticut, Florida, New Hampshire, Texas and Virginia.

Confidant Health offers a range of services including alcohol rehabilitation, an online buprenorphine clinic, pre-addiction treatment, behavior change programs, recovery coaching, opioid withdrawal management and medication-assisted treatment, and has a telehealth addiction recovery app with more than 10,000 downloads.

The database in this incident contained more than 126,276 files (about 5.3TB) and 1.7 million log records, exposing the following sensitive information:

Personally identifiable information (PII): names, addresses, contact details, driver's licenses and insurance information.
Mental health assessments: detailed evaluations of patients' mental health condition, family history and traumatic experiences.
Medical records: prescription drug lists, diagnostic test results, health insurance details, Medicaid cards, medical records, treatment records, letters of care listing prescribed medications, and medical record requests or waivers.
Audio and video recordings: the database also included audio and video recordings and transcripts of sessions discussing deeply personal family topics, including children, parents, partners and conflicts.

In a report shared with Hackread.com before the September 6 publication, Fowler explained that the files disclosed psychotherapy intake notes and psychosocial assessments detailing mental health, substance abuse, family issues, psychiatric history, trauma history, medical conditions and other diagnoses.

Confidant Health has acknowledged the data exposure and restricted access. It is currently unclear whether the database was managed directly by Confidant Health or by a third party. The duration of the exposure, and whether anyone actually accessed the misconfigured server, remain unknown.

"Not all of the documents in the database were exposed; some files were restricted and could not be viewed publicly. However, even though the data in these restricted files could not be viewed, there is a potential risk that malicious actors learn the file paths and storage locations of other patients' data," Fowler noted.

Database exposures and data leaks caused by misconfiguration are common. On August 2, 2024, Jeremiah Fowler discovered 13 misconfigured databases containing as many as 4.6 million documents, including voter records, ballots and various election-related lists. The exposed data appeared to come from a county in Illinois, USA, and was publicly accessible without any password or authentication. Suspecting that other counties might have inadvertently exposed similar data, he substituted other county names into the database naming format and found a total of 13 publicly accessible databases, plus another 15 that were not publicly accessible.

There is precedent for online counseling and therapy data being abused by cybercriminals. In 2021, Wired reported that a mental health startup called Vastaamo offered easy-to-use technology services and operated the largest private mental health provider network in Finland. Hackers broke in and downloaded its entire customer database. The criminals then contacted Vastaamo's CEO demanding 40 bitcoin (US$500,000 in 2020) as ransom, threatening otherwise to leak 100 patient records per day. Health data is clearly valuable to criminals in itself, but combined with patients' fear that their sensitive mental health or substance abuse data might be exposed, it can raise the chance that extortion succeeds. In the wrong hands, this information can have far-reaching and devastating consequences.

Healthcare-related information in the United States is regulated by HIPAA (the Health Insurance Portability and Accountability Act), which sets strict standards for the confidentiality, security and protection of sensitive patient health information. Exposure of sensitive patient data seriously threatens patient privacy and can lead to a range of harms, including identity theft, medical identity theft, blackmail and extortion. Criminals could use the information to open fraudulent accounts, file false insurance claims, threaten to expose patients' mental health information and exploit their vulnerabilities.

This incident highlights the importance of strong data security measures in the telehealth industry. Key measures may include encryption, access controls, regular security audits, employee training in data security best practices, and a comprehensive incident response plan. As telehealth services grow in popularity, providers must prioritize patient privacy and data security.

Reposted from 安全内参 (Secrss); original link: https://www.secrss.com/articles/69952
Reposted content
CVE-2024-8558 | SourceCodester Food Ordering Management System 1.0 Price place-order.php total improper validation of specified quantity in input
1 year 9 months ago
A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input.
This vulnerability was named CVE-2024-8558. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-40713 | Veeam Backup & Replication up to 12.1.2.172 MFA improper authentication (kb4649)
1 year 9 months ago
A vulnerability was found in Veeam Backup & Replication up to 12.1.2.172. It has been rated as critical. This issue affects some unknown processing of the component MFA. The manipulation leads to improper authentication.
The identification of this vulnerability is CVE-2024-40713. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com