Aggregator

A vulnerability classified as critical has been found in Kashipara Music Management System 1.0. This affects an unknown part of the file /music/ajax.php?action=login of the component Login. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2024-42781. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. It has been rated as critical. Affected by this issue is some unknown functionality of the component SIP Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-20375. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Improve your identity and governance administration strategy with SaaS identity risk management. Discover how to extend the value of your IGA tool.

The post Enhance Your Identity Governance and Administration Strategy appeared first on Security Boulevard.

error code: 1106

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, […]

North Korea-linked APT used a new RAT called MoonPeakNorth Korea-linked APT Kimsuky is likely

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. [...]

Как редкоземельный металл переписывает правила глобальной экономики.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Ferris Wheels’ appeared first on Security Boulevard.

Application Security Check Up

by Mike Saunders, Principal Security Consultant     This blog is the tenth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of […]

A vulnerability was found in Acyba AcyMailing Plugin up to 9.7.2 on WordPress. It has been declared as critical. Affected by this vulnerability is the function acym_extractArchive. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-7384. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in AMI AptioV up to 5.36. It has been classified as critical. Affected is an unknown function of the component DXE Module. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2024-33656. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in AMI AptioV up to 5.36 and classified as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-33657. An attack has to be approached locally. There is no exploit available.

CodeSonar 8.2 is a significant upgrade, containing new features and integrations, improved compiler and language support, and more checkers. The highlights are listed below; for more complete details, please consult the Release Notes. We recommend customers update to this version of CodeSonar as soon as possible to get access to these benefits.  Explore the latest…

The post What’s New in CodeSonar 8.2 appeared first on CodeSecure.

The post What’s New in CodeSonar 8.2 appeared first on Security Boulevard.

CodeSonar 8.2 is a significant upgrade, containing new features and integrations, impro

A vulnerability has been found in Atlassian Confluence Data Center and Confluence Server up to 8.9.5 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-21690. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.