Aggregator

A vulnerability was found in Envoy 1.31.0/1.31.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect control flow. The identification of this vulnerability is CVE-2024-45807. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Webo-facto Plugin up to 1.40 on WordPress. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2024-8853. It is possible to initiate the attack remotely. There is no exploit available.

17 арестов в ходе операции против фишинговой платформы.

为筑牢国家网络安全屏障、推进网络强国建设贡献力量

In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x] TLS certificates [x] Accounts [x] SSH keys ??? The secrets listed above are typically secured with privileged access management (PAM) solutions or similar. Yet, most traditional PAM

A hacking group has allegedly claimed responsibility for breaching the Dell employee database. The claim was made public on a well-known hacking forum, where the group asserted that they had accessed sensitive information belonging to approximately 10,800 Dell employees and partners. The breach reported by HackManac in the X platform occurred in September 2024 and […]

The post Hackers Allegedly Claim Breach of Dell Employee Database appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The truth about completing content to build real-world hacking & cybersecurity skills, even “Easy” ones

A vulnerability has been found in Kartli Alisveris Sistemi 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file news.asp. The manipulation of the argument news_id leads to sql injection. This vulnerability is known as CVE-2007-3119. The attack can be launched remotely. Furthermore, there is an exploit available.

Background Two critical vulnerabilities in VMware’s vCenter Server platform were recently patched by Broadcom, with the more severe of the […]

The post CVE-2024-38812: VMware vCenter Server RCE Vulnerability appeared first on HawkEye.

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2024-9004. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. This vulnerability is handled as CVE-2024-9006. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9007. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in NetCat CMS up to 6.4.0.24126.2. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to observable response discrepancy. This vulnerability was named CVE-2024-8651. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in NetCat CMS up to 6.4.0.24126.2/6.4.0.24247. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-8653. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in JetBrains YouTrack. Affected by this issue is some unknown functionality of the component Workflow Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2024-47159. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in NetCat CMS up to 6.4.0.24126.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8652. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Couchbase up to 7.2.5/7.6.1 and classified as problematic. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation of the argument Host leads to injection. The identification of this vulnerability is CVE-2024-25673. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in JetBrains YouTrack. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2024-47160. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Traefik. It has been rated as critical. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded leads to use of less trusted source. This vulnerability is handled as CVE-2024-45410. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Puma up to 5.6.8/6.4.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded_For leads to authorization bypass. This vulnerability is known as CVE-2024-45614. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.