Aggregator

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37

Security Affairs
9 months ago
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool   Ragnar Loader   Desert Dexter. Attacks on Middle Eastern countries   Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers Microsoft patches […]
Pierluigi Paganini

CVE-2025-2367 | Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 Personal Script Submenu /boafrm/formScript os command injection

VulDB Recent Entries
9 months ago
A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. This vulnerability was named CVE-2025-2367. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-2366 | gougucms 4.08.18 Add Department Page /admin/department/add title cross site scripting

VulDB Recent Entries
9 months ago
A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2366. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-2365 | crmeb_java up to 1.3.4 WeChatMessageController.java webHook xml external entity reference

VulDB Recent Entries
9 months ago
A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2025-2365. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-5901 | SiteOrigin Widgets Bundle up to 1.62.2 on WordPress Image Grid Widget cross site scripting

Vuldb Updates
9 months ago
A vulnerability was found in SiteOrigin Widgets Bundle up to 1.62.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Image Grid Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5901. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-7284 | SourceCodester Lot Reservation Management System 1.0 ajax.php?action=save_settings about cross site scripting

Vuldb Updates
9 months ago
A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-7284. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-7285 | SourceCodester Establishment Billing Management System 1.0 ajax.php?action=save_settings name cross site scripting

Vuldb Updates
9 months ago
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. This vulnerability was named CVE-2024-7285. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad