Aggregator

A vulnerability has been found in Bloofox CMS 0.3.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file plugins/spaw2/dialogs/dialog.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2008-5748. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Nokia Electronic Documentation 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /docs. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2003-0801. The attack can be launched remotely. Furthermore, there is an exploit available.

As organizations increasingly adopt cloud-native technologies, securing Kubernetes infrastructure has become more important than ever. Cloud-native security encompasses practices and tools designed specifically to protect applications, data, and infrastructure in today’s ephemeral, distributed cloud environments. By aligning cloud native security practices with regulatory requirements, you can better ensure compliance, which is critical for organizations operating in industries such as finance and healthcare.

The post Cloud Native Security: How to Protect Your Kubernetes Infrastructure appeared first on Security Boulevard.

Authors/Presenters: Kris Rides, Silvia Lemos, Ricki Burke, Kirsten Renner

Our sincere appreciation to [BSidesLV][1], and the Presenters/Authors for publishing their erudite [Security BSidesLV24][2] content. Originating from the conference’s events located at the [Tuscany Suites & Casino][3]; and via the organizations [YouTube][4] channel.

Permalink

The post BSidesLV24 – HireGround – What Goes Bump in the Night? Recruiter Panel About Job Search and Other Scary Things appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in usememos memos up to 0.13.2. Affected by this issue is some unknown functionality of the file /o/get/image. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-29029. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Baidu OpenRASP up to 1.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login. The manipulation of the argument redirect leads to cross site scripting. This vulnerability is handled as CVE-2024-29183. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in CSZ CMS 1.3.0. This affects the function Settings. The manipulation of the argument Default Keyword leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-27752. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SEMCMS 4.8. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-32409. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in FFmpeg N113007-g8d24a28d06. It has been classified as critical. Affected is the function gen_alias_map of the file libavcodec/jpegxl_parser.c. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2023-51791. It is possible to launch the attack remotely. There is no exploit available.

Hunters International, the RaaS group that some believe evolved from Hive, appears to be rebranding and shifting operations, moving away from an unprofitable and risky ransomware business and focusing solely on exfiltrating data and extorting victims, say Group-IB researchers.

The post Hunters International Dumps Ransomware, Goes Full-on Extortion appeared first on Security Boulevard.

European Business Data OSINT Cheat Sheet

A vulnerability was found in Dreamer CMS 4.0.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument tableName leads to sql injection. The identification of this vulnerability is CVE-2021-43084. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Insert Pages Plugin up to 3.7.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-4483. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Smash Balloon Social Post Feed Plugin up to 4.1.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-4477. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.