Aggregator

A vulnerability classified as critical was found in IoT Haat Smart Plug IH-IN-16A-S 5.16.1. This vulnerability affects unknown code. The manipulation leads to authentication bypass by capture-replay. This vulnerability was named CVE-2024-46041. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in IoT Haat Smart Plug IH-IN-16A-S 5.16.1. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to session expiration. This vulnerability is uniquely identified as CVE-2024-46040. It is possible to initiate the attack remotely. There is no exploit available.

На фоне ухода иностранных вендоров Россия создает свою систему сертификации.

A vulnerability was found in Winhex 16.1 SR-1/20.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component Structured Exception Handler. The manipulation of the argument filename leads to memory corruption. This vulnerability is handled as CVE-2023-6362. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in SOPlanning up to 1.44. It has been classified as critical. Affected is an unknown function of the file /soplanning/www/groupe_list.php of the component Query Handler. The manipulation of the argument by leads to sql injection. This vulnerability is traded as CVE-2024-9573. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Winhex 16.1 SR-1/20.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Structured Exception Handler. The manipulation of the argument filename leads to memory corruption. This vulnerability is known as CVE-2023-6361. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in SOPlanning up to 1.44 and classified as problematic. This vulnerability affects unknown code of the file /soplanning/www/process/xajax_server.php of the component Query Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9571. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SOPlanning up to 1.44 and classified as problematic. This issue affects some unknown processing of the file /soplanning/www/process/groupe_save.php of the component Query Handler. The manipulation of the argument groupe_id leads to cross site scripting. The identification of this vulnerability is CVE-2024-9572. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in SOPlanning up to 1.44. This affects an unknown part of the file /soplanning/www/user_groupes.php of the component Query Handler. The manipulation of the argument by leads to sql injection. This vulnerability is uniquely identified as CVE-2024-9574. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Finding TeamViewer 0days - Part I by ourren

Finding TeamViewer 0days - Part II by ourren

更多最新文章，请访问SecWiki

Новый проект снизит задержку до 1 мс для ключевых сфер.

Get Online Student Safety Alerts & Reporting using Content Filter by ManagedMethods As students spend more time on social media and screens, concerns about the impact on their mental health are growing. According to the American Psychological Association, U.S. teens spend an average of 4.8 hours per day using popular social media apps. Additionally, 60% ...

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on Security Boulevard.

The Indian Securities and Exchange Board (SEBI) recently took a significant step to enhance software security by incorporating software bill of materials (SBOM) mandates under its Cybersecurity and Cyber Resilience Framework (CSCRF).

The post Simplifying SBOM compliance with Sonatype under India’s cybersecurity framework appeared first on Security Boulevard.

GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found

微软宣布，开发 Halo 系列的游戏工作室 343 Industries 重命名为 Halo Studios，放弃自家的 Slipspace 引擎，采用 Epic Games 的虚幻引擎 5 开发 Halo 系列的新作。工作室负责人表示，能在游戏行业招聘到更多熟悉虚幻引擎的开发者，不需要对他们培训训练使用私有的引擎。343 Industries 以前需要投入大量员工去维护和开发 Slipspace 引擎，从现在起它将与 Epic Games 合作，确保虚幻引擎能满足 Halo 的需求。

对蜜罐捕获的一个shell样本的简单分析。

随着LLM的广泛应用，其安全性问题也逐渐浮出水面，尤其是越狱注入攻击，已成为不容忽视的安全威胁。