Aggregator

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Linear Sort’ appeared first on Security Boulevard.

A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument searchdata leads to sql injection. The identification of this vulnerability is CVE-2023-46024. Access to the local network is required for this attack. Furthermore, there is an exploit available.

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Роскомнадзор готов применить дополнительные меры контроля.

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

Microsoft has added another Windows 11 24H2 upgrade block for systems with Dirac audio improvement software due to compatibility issues breaking sound output. [...]

Одна из главных проблем в экстренной ветеринарии решена.

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. [...]

Shodan Dorks for Advanced OSINT

An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.

The post CVE-2024-50379: A Critical Race Condition in Apache Tomcat appeared first on Security Boulevard.

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Recent research has uncovered a concerning vulnerability in modern Trusted Execution Environments (TEEs) that challenges fundamental assumptions about memory security. The BadRAM attack, detailed in a paper by De Meulemeester et al., demonstrates how a low-cost hardware manipulation can compromise the integrity guarantees of systems like AMD SEV-SNP (Secure Encrypted Virtualization and Secure Nested Paging). […]

The post BadRAM-ifications: A Low-Cost Attack on Trusted Execution Environments appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post BadRAM-ifications: A Low-Cost Attack on Trusted Execution Environments appeared first on Security Boulevard.

A vulnerability was found in Delta Electronics DTM Soft up to 1.30. It has been classified as very critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-12677. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PCRecruiter Extensions Plugin up to 1.4.10 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11776. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in HMS Networks Ewon Flexy 205 up to 14.8s0 and classified as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2024-9154. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Chat2DB 0.3.5. This affects an unknown part of the file /datagrip/upload of the component XML Handler. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2024-55081. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Stirling-PDF 0.35.1. Affected by this issue is some unknown functionality of the file /url-to-pdf. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-55082. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Checkmk up to 2.1.0p50/2.2.0p37/2.3.0p22. Affected by this vulnerability is an unknown functionality of the component Windows Agent Data Directory. The manipulation leads to incorrect permission assignment. This vulnerability is known as CVE-2024-38864. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in QOS logback up to 1.5.12. Affected is an unknown function of the component XML Configuration File Handler. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-12801. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.