Aggregator

CVE-2024-20511 | Cisco Unified Communications Manager up to 15SU1a Web-based Management Interface cross site scripting (cisco-sa-cucm-xss-SVCkMMW)

2 weeks 6 days ago

A vulnerability was found in Cisco Unified Communications Manager. It has been declared as problematic. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-20511. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-20540 | Cisco Unified Contact Center Management Portal up to 12.6(1)_ES13 Web-based Management Interface cross site scripting (cisco-sa-ccmp-sxss-qBTDBZDD)

Vuldb Updates

2 weeks 6 days ago

A vulnerability classified as problematic has been found in Cisco Unified Contact Center Management Portal. Affected is an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-20540. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2021-34751 | Cisco Firepower Management Center sensitive information in gui (cisco-sa-fmc-infodisc-Ft2WVmNU)

Vuldb Updates

2 weeks 6 days ago

A vulnerability, which was classified as problematic, was found in Cisco Firepower Management Center. This affects an unknown part of the component Administrative Web-based GUI Configuration Manager. The manipulation leads to cleartext storage of sensitive information in gui. This vulnerability is uniquely identified as CVE-2021-34751. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2021-34753 | Cisco Firepower Threat Defense Software Ethernet Industrial Protocol access control (cisco-sa-ftd-enip-bypass-eFsxd8KP)

Vuldb Updates

2 weeks 6 days ago

A vulnerability was found in Cisco Firepower Threat Defense Software. It has been rated as critical. Affected by this issue is some unknown functionality of the component Ethernet Industrial Protocol. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2021-34753. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-5512 | Kofax Power PDF JP2 File Parser out-of-bounds

Vuldb Updates

2 weeks 6 days ago

A vulnerability classified as problematic was found in Kofax Power PDF. This vulnerability affects unknown code of the component JP2 File Parser. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-5512. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-5511 | Kofax Power PDF JP2 File Parser out-of-bounds

Vuldb Updates

2 weeks 6 days ago

A vulnerability classified as problematic has been found in Kofax Power PDF. Affected is an unknown function of the component JP2 File Parser. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-5511. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-5510 | Kofax Power PDF JP2 File Parser out-of-bounds

Vuldb Updates

2 weeks 6 days ago

A vulnerability classified as problematic was found in Kofax Power PDF. Affected by this vulnerability is an unknown functionality of the component JP2 File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-5510. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-5513 | Kofax Power PDF JP2 File Parser out-of-bounds write

Vuldb Updates

2 weeks 6 days ago

A vulnerability was found in Kofax Power PDF. It has been rated as critical. This issue affects some unknown processing of the component JP2 File Parser. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-5513. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-10394 | OpenAFS PAG up to 1.6.24/1.8.12.2/1.9.1 integer overflow (Nessus ID 213984)

Vuldb Updates

2 weeks 6 days ago

A vulnerability was found in OpenAFS PAG up to 1.6.24/1.8.12.2/1.9.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2024-10394. An attack has to be approached locally. There is no exploit available.

vuldb.com

CVE-2024-8185 | HashiCorp Vault/Vault Enterprise up to 1.18.0 API Endpoint failing open (Nessus ID 210710)

Vuldb Updates

2 weeks 6 days ago

A vulnerability classified as critical has been found in HashiCorp Vault and Vault Enterprise up to 1.18.0. Affected is an unknown function of the component API Endpoint. The manipulation leads to not failing securely. This vulnerability is traded as CVE-2024-8185. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-20504 | Cisco Secure Email Web-based Management Interface cross site scripting (cisco-sa-esa-wsa-sma-xss-zYm3f49n / Nessus ID 210599)

Vuldb Updates

2 weeks 6 days ago

A vulnerability was found in Cisco Secure Email, Secure Email and Web Manager and Secure Web Appliance. It has been declared as problematic. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2024-20504. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Sophisticated Kimsuky Campaign: New Malware Bypasses Windows Defender

Penetration Testing Tools - Metepreter.org

2 weeks 6 days ago

The Kimsuky group has once again found itself at the center of attention following a campaign that deftly combined social engineering tactics with sophisticated techniques for bypassing Windows security mechanisms. Their targets included South...

The post Sophisticated Kimsuky Campaign: New Malware Bypasses Windows Defender appeared first on Penetration Testing Tools.

ddos

日程确定！2025 Let's GoSSIP 暑期学校火热报名中！

安全研究GoSSIP

2 weeks 6 days ago

2025 Let's GoSSIP 暑期学校日程已定，快来报名！

Looking for Real Ones: Where Can I Learn Real-World Hacking from the Ground Up (Not Just Theory)?

不安全

2 weeks 6 days ago

作者致力于深入学习黑客技术，从编程与网络基础到高级渗透测试与数字隐匿，结合AI与安全哲学构建自研框架。寻求资源建议与合作机会以实现目标。

全周期防护，威努特给农业大数据上“保险”

威努特工控安全

2 weeks 6 days ago

智慧农业要快跑，数据安全先筑牢！

全周期防护，威努特给农业大数据上“保险”

不安全

2 weeks 6 days ago

当前环境异常，需完成验证后方可继续访问。

科技爱好者周刊（第 360 期）：Dan Wang 的新书

不安全

2 weeks 6 days ago

本文是一份周刊类文章，记录每周值得分享的科技内容，并于每周五发布。内容涵盖科技新闻、工具资源、AI动态及观点分享等。其中包括Dan Wang的新书《冲：中国对未来的探索》，对比中美两国在工程与法律社会模式上的差异；冷冻胚胎诞生时间最久世界纪录；南非为犀牛角植入放射性物质防止偷猎；开源工具如Tinyauth、Hyprnote等；以及关于AI验证不对称性及编程教育的观点讨论。

史上最大规模GreedyBear攻击：650种黑客工具窃取百万美元资产

不安全

2 weeks 6 days ago

代号GreedyBear的网络犯罪组织近期通过650多种恶意工具窃取超百万美元加密货币。该组织采用工业化攻击模式，结合AI技术生成多样化载荷，并利用"扩展程序空心化"技术规避安全审查。其武器化扩展程序精确模仿主流钱包界面，截获用户凭据并传输至远程服务器。

TeamFiltration: enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

Penetration Testing Tools - Metepreter.org

2 weeks 6 days ago

TeamFiltration TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the Example Attack flow at the bottom of this readme for a general introduction into how TeamFiltration works! This tool has...

The post TeamFiltration: enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts appeared first on Penetration Testing Tools.

ddos

Lynx

Dark Feed IO

2 weeks 6 days ago

You must login to view this content

cohenido

Aggregator

Managed ad