Aggregator

Конфискованы серверы хакеров в США, Великобритании и Германии.

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vulnerability in the pg_dump utility poses a significant security risk, especially when executed by superusers. CVE-2024-7348 – Vulnerability Details The flaw is a Time-of-check Time-of-use (TOCTOU) race condition in the pg_dump process. An attacker can exploit this by […]

The post PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

世界最富有的公司不想放过一个收取佣金的机会。Patreon 是一个依靠小额打赏为内容创作者提供收入的众筹平台。苹果威胁，如果 Patreon 的内容创作者继续使用不受支持的第三方计费选项或禁用 iOS 交易，不使用苹果的应用内购系统，那么它将从应用商店移除该应用。Patreon 官方通过博文和电子邮件通知内容创作者，将在 2025 年 11 月之前转移使用苹果的订阅计费方法，它将从 2024 年 11 月开始进行转换，创作者可以考虑提高订阅价格以支付苹果的佣金，或者决定自己承担佣金费用。内容创作者可以选择推迟迁移，但这将导致他们无法在 iOS app 中提供会员资格，因为苹果的规则将从今年 11 月开始启用。

A vulnerability was found in Generate Images Plugin up to 5.2.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-6724. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in bdthemes Element Pack Elementor Addons Plugin up to 5.7.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7247. The attack can be initiated remotely. There is no exploit available.

A newly discovered vulnerability in the Common Log File System (CLFS.sys) driver of Windows has been identified, potentially affecting millions of devices running Windows 10, Windows 11, and various Windows Server versions. Tracked as CVE-2024-6768, this vulnerability allows a malicious authenticated low-privilege user to trigger a Blue Screen of Death (BSOD) through a forced call […]

The post CLFS Vulnerability Let Hackers Trigger BSOD Error On All Versions Of Windows 10 & 11 appeared first on Cyber Security News.

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-7715. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. It is recommended to replace the affected component with an alternative.

Hackers masquerading as the Security Service of Ukraine have compromised over 100 government systems. The Computer Emergency Response Team of Ukraine (CERT-UA) at the State Service of Special Communications and Information Protection (SSSCIP) reported the incident on August 12, highlighting the sophisticated tactics employed by the attackers. Malicious Emails Target Government Bodies The attack began […]

The post Hackers Posing as Security Service Compromised 100 Govt Systems appeared first on Cyber Security News.

满堂唯有烛花红，杯且从容，歌且从容。

挖娃带着企业SRC联合活动来啦，活动丰富，奖励丰厚 ，各种奖金礼品拿到手软 ，挖娃和大家一起激情8月！

August 13, 2024Over on YouTube The Comms Channel has uploaded a video showing how they used a

A vulnerability was found in WPDeveloper BetterDocs Plugin up to 3.5.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43227. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in iberezansky 3D FlipBook Plugin up to 1.15.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-43152. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Themeum Tutor LMS Plugin up to 2.7.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43231. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Averta Depicter Slider Plugin up to 3.1.2 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-43161. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in AddonMaster Post Grid Master Plugin up to 3.4.10 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-43156. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Blockspare Plugin up to 3.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-43164. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Jeroen Sormani WP Dashboard Notes Plugin up to 1.0.11 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43226. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in CreativeMindsSolutions CM Tooltip Glossary Plugin up to 4.3.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-43149. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in BannerSky BSK Forms Blacklist Plugin up to 3.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43233. It is possible to launch the attack remotely. There is no exploit available.