Aggregator

Apache TomcatにはApache Commons FileUploadによる、サービス運用妨害（DoS）の脆弱性が存在します。

The Apache Software Foundation から、Apache Tomcat の脆弱性に対するアップデートが公開されました。

With an immature codebase and a "rather chaotic encryption scheme" prone to failure, the group targets small businesses with custom malware.

Инструмент открывает новые горизонты в OSINT и пентесте.

A vulnerability, which was classified as problematic, was found in Loway QueueMetrics. Affected is an unknown function. The manipulation leads to open redirect. This vulnerability is traded as CVE-2024-42341. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Loway QueueMetrics and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to http request smuggling. This vulnerability is known as CVE-2024-42342. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Samsung Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920 and Exynos W93. Affected by this issue is the function slsi_rx_roamed_ind. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-27364. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Loway QueueMetrics. This issue affects some unknown processing. The manipulation leads to observable response discrepancy. The identification of this vulnerability is CVE-2024-42343. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TrueBooker Plugin up to 1.0.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-6924. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in TrueBooker Plugin up to 1.0.2 on WordPress and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-6925. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WP MultiTasking Plugin up to 0.1.12 on WordPress. It has been classified as problematic. Affected is an unknown function of the component SMTP Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-6856. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP MultiTasking Plugin up to 0.1.12 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6859. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. This vulnerability is handled as CVE-2024-8570. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2024-8571. The attack needs to be approached within the local network. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. This vulnerability was named CVE-2024-8572. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

万物安全精品发布会预约！

企业组12强与创客组6强，谁能问鼎冠军？

云原生安全是云安全的进阶阶段，它不仅继承了云安全的理念和方法，而且在技术和服务模式上有所深化和发展。

侧载是 Android 生态系统相比 iOS 更自由的地方，用户可通过下载 APK 文件安装一个应用的旧版本或修改版本。但现在 Google Play Integrity API 将给予应用开发商选择去屏蔽侧载，强行通过 Google Play 下载。Play Integrity API 将通过检查交互和服务器请求寻找应用是否被修改，软件运行环境是否可信，设备是否启用 Google Play Protect 等的证据，然后应用开发商可以决定是否警告用户设备已经 root、或者拒绝应用运行，建议用户切换到 Google Play 版本——此举将会删除设备上该应用的所有数据替换为 Google Play 版本。如果有愈来愈多的应用使用该功能，那么 root 设备的价值将会越来越小。

A vulnerability classified as problematic was found in Mentiss Acgv ACGVannu 1.3. This vulnerability affects unknown code of the file theme/acgv.php. The manipulation of the argument rubrik leads to path traversal. This vulnerability was named CVE-2007-2560. The attack can be initiated remotely. Furthermore, there is an exploit available.