Aggregator

CVE-2023-24220 | LuckyframeWEB 3.5 /system/RoleMapper.xml dataScope sql injection (Issue 22 / EUVD-2023-28279)

Vuldb Updates
3 months 3 weeks ago
A vulnerability was found in LuckyframeWEB 3.5. It has been rated as critical. This affects an unknown part of the file /system/RoleMapper.xml. The manipulation of the argument dataScope leads to sql injection. This vulnerability is listed as CVE-2023-24220. The attack must be carried out from within the local network. There is no available exploit.
vuldb.com

CVE-2023-24221 | LuckyframeWEB 3.5 /system/DeptMapper.xml dataScope sql injection (Issue 23 / EUVD-2023-28280)

Vuldb Updates
3 months 3 weeks ago
A vulnerability identified as critical has been detected in LuckyframeWEB 3.5. This issue affects some unknown processing of the file /system/DeptMapper.xml. This manipulation of the argument dataScope causes sql injection. This vulnerability is registered as CVE-2023-24221. The attack requires access to the local network. No exploit is available.
vuldb.com

CVE-2023-43961 | Dromara SaToken up to 1.3.50RC Spring dynamic Controller improper authentication (Issue 511 / EUVD-2023-2827)

Vuldb Updates
3 months 3 weeks ago
A vulnerability identified as critical has been detected in Dromara SaToken up to 1.3.50RC. Impacted is an unknown function of the component Spring dynamic Controller Handler. This manipulation causes improper authentication. The identification of this vulnerability is CVE-2023-43961. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

Radar

Dark Feed IO
3 months 3 weeks ago

You must login to view this content

cohenido

Windows 11 更新破坏了 Recovery Environment

Solidot
3 months 3 weeks ago
Windows Recovery Environment(WinRE)是 Windows 的恢复环境,用于在启动失败之后对计算机进行故障排除,包括启动到 BIOS 或以安全模式启动计算机。但 Windows 11 十月更新 KB5066835 存在 bug,会导致在 WinRE 下 USB 键盘和鼠标失去响应,这将导致 WinRE 对大部分用户而言失去了作用。PS/2 接口的键盘和鼠标不受影响,但今天的计算机几乎不再使用此类接口的外设。微软表示正在开发修复程序解决该问题。

Qilin

Dark Feed IO
3 months 3 weeks ago

You must login to view this content

cohenido

Weekly Update 474

Troy Hunt
3 months 3 weeks ago

You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but here we are. Just before the time

Troy Hunt

PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability

Cyber Security News
3 months 3 weeks ago

A proof-of-concept (PoC) exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), enabling unauthenticated attackers to execute remote code with SYSTEM privileges on affected servers. Dubbed CVE-2025-59287 and assigned a CVSS v3.1 score of 9.8, the flaw stems from unsafe deserialization of untrusted data in WSUS’s AuthorizationCookie handling. Disclosed […]

The post PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability appeared first on Cyber Security News.

Guru Baran

From .well-known to Well-Pwned: Common Vulnerabilities in AI Agents

不安全
3 months 3 weeks ago
Obsidian Security发现多个MCP客户端存在严重漏洞,可能导致远程代码执行、本地文件执行和账户接管。问题源于OAuth 2.0受保护资源元数据标准引入的新威胁向量。研究团队揭示了第三方库和官方API的安全风险,并提出了缓解措施以提升MCP生态系统的安全性。

CVE-2010-1936 | openMairie openComInterne 1.01 scr/soustab.php dsn[phptype] path traversal (EDB-12396 / XFDB-58129)

Vuldb Updates
3 months 3 weeks ago
A vulnerability was found in openMairie openComInterne 1.01. It has been declared as problematic. This issue affects some unknown processing of the file scr/soustab.php. The manipulation of the argument dsn[phptype] results in path traversal. This vulnerability was named CVE-2010-1936. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2010-1944 | openMairie openCimetiere 2.01 autorisation.class.php path_om code injection (EDB-12476 / XFDB-58267)

Vuldb Updates
3 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in openMairie openCimetiere 2.01. This vulnerability affects unknown code of the file autorisation.class.php. The manipulation of the argument path_om leads to code injection. This vulnerability is listed as CVE-2010-1944. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2010-1999 | OpenMairie Opencatalogue 1.024 scr/soustab.php dsn[phptype] path traversal (EDB-12475 / SA39688)

Vuldb Updates
3 months 3 weeks ago
A vulnerability was found in OpenMairie Opencatalogue 1.024. It has been rated as problematic. The impacted element is an unknown function of the file scr/soustab.php. The manipulation of the argument dsn[phptype] leads to path traversal. This vulnerability is documented as CVE-2010-1999. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2010-1920 | OpenMairie openAnnuaire 2.00 scr/soustab.php dsn[phptype] path traversal (EDB-12486 / BID-23505)

Vuldb Updates
3 months 3 weeks ago
A vulnerability identified as problematic has been detected in OpenMairie openAnnuaire 2.00. This issue affects some unknown processing of the file scr/soustab.php. This manipulation of the argument dsn[phptype] causes path traversal. This vulnerability is tracked as CVE-2010-1920. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

Managed ad