Aggregator

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

The Hackers News
5 months ago
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a
The Hacker News

CrowdSec: Open-source security solution offering crowdsourced protection

Help Net Security
5 months ago

Crowdsec is an open-source solution that offers crowdsourced protection against malicious IPs. CrowdSec features For this project, the developers have two objectives: Provide free top-quality intrusion detection and protection software. There’s community participation in creating new detection rules as new vulnerabilities are uncovered. Share and validate the attackers’ IPs with the network participants to render hackers’ resources useless as soon as possible. A consensus system gives a real-time actionable blocklist with no false positives. “CrowdSec … More →

The post CrowdSec: Open-source security solution offering crowdsourced protection appeared first on Help Net Security.

Mirko Zorz

CVE-1999-0746 | SuSE Linux up to 6.2 in.identd denial of service (EDB-19463 / Nessus ID 10560)

Vuldb Updates
5 months ago
A vulnerability was found in SuSE Linux up to 6.2. It has been rated as problematic. This issue affects some unknown processing of the file in.identd. The manipulation leads to denial of service. The identification of this vulnerability is CVE-1999-0746. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2015-1479 | Zoho ManageEngine ServiceDesk Plus 9.0 Build 9031 site sql injection (ID 130079 / EDB-35890)

Vuldb Updates
5 months ago
A vulnerability has been found in Zoho ManageEngine ServiceDesk Plus 9.0 Build 9031 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument site leads to sql injection. This vulnerability was named CVE-2015-1479. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2013-7247 | Franklinfueling Ts-550 Evo up to 2.0.0.6832 Firmware access control (EDB-31180)

Vuldb Updates
5 months ago
A vulnerability, which was classified as problematic, has been found in Franklinfueling Ts-550 Evo up to 2.0.0.6832. Affected by this issue is some unknown functionality of the component Firmware. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2013-7247. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2007-2901 | Dokeos 1.8.0 ImageManager/editor.php img cross site scripting (EDB-3974 / XFDB-34733)

Vuldb Updates
5 months ago
A vulnerability classified as problematic has been found in Dokeos 1.8.0. Affected is an unknown function in the library main/inc/lib/fckeditor/editor/plugins/imagemanager/editor.php of the file ImageManager/editor.php. The manipulation of the argument img leads to basic cross site scripting. This vulnerability is traded as CVE-2007-2901. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad