Aggregator

A vulnerability labeled as critical has been found in Internet-works NUs Newssystem 1.02. This affects an unknown function of the file Nus.php. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2010-5060. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Nuked-Klan Partenaires module 1.5. This vulnerability affects unknown code of the file clic.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2010-4925. The attack can be initiated remotely. Additionally, an exploit exists.

Sora 2 показала, что эпоха «попросим прощения, а не разрешения» подходит к концу.

A vulnerability described as critical has been identified in Edmondhui.homeip Np Twitter 0.9. Affected by this vulnerability is an unknown functionality of the file nucleus/plugins/NP_Twitter.php. Such manipulation of the argument DIR_PLUGINS leads to code injection. This vulnerability is uniquely identified as CVE-2010-2314. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in John Bradshaw Np Gallery Plugin 0.94. It has been declared as critical. The impacted element is an unknown function of the file index.php. The manipulation of the argument DIR_NUCLEUS results in code injection. This vulnerability is reported as CVE-2010-5040. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in John Bradshaw Np Gallery Plugin 0.94. It has been rated as critical. This affects an unknown function of the file index.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2010-5041. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Nusoftware nuBuilder up to 10.04.20. It has been classified as problematic. This impacts an unknown function of the file productionnu2/fileuploader.php of the component Uploader. Performing manipulation of the argument dir results in path traversal. This vulnerability is cataloged as CVE-2010-2850. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.

A vulnerability was found in NovaBoard 1.1.2. It has been classified as critical. This impacts an unknown function of the file index.php. Performing manipulation of the argument forums[] results in sql injection. This vulnerability is cataloged as CVE-2010-0608. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as problematic has been reported in SoX. The affected element is the function startread of the file wav.c of the component WAV File Handler. The manipulation leads to divide by zero. This vulnerability is listed as CVE-2021-33844. The attack may be initiated remotely. There is no available exploit.

A vulnerability marked as problematic has been reported in Moby up to 25.0.12. Impacted is an unknown function. This manipulation causes missing initialization of resource. This vulnerability is handled as CVE-2025-54410. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in PgPool Global Development Group Pgpool-II 4.6.0. It has been rated as very critical. Affected by this issue is some unknown functionality. Performing manipulation results in authentication bypass by primary weakness. This vulnerability is cataloged as CVE-2025-46801. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in FFmpeg 6.1.1. It has been rated as critical. This issue affects the function parse_options of the file sbgdec.c. The manipulation of the argument duration leads to integer overflow. This vulnerability is listed as CVE-2024-35366. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

The indictment of the former national security adviser is the latest against President Donald Trump’s political enemies.

The post John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats appeared first on CyberScoop.

Swalwell: Sweeping CISA Cuts Leave Nation Vulnerable to Major Cyberattacks
A top Democratic lawmaker is demanding transparency and calling for the immediate reversal of major workforce cuts at the Cybersecurity and Infrastructure Security Agency, which is only operating with 35% of its total staff amid the ongoing government shutdown and resulting reductions-in-force.

Also, Internet-Exposed Call Center Software Under Attack and Patch Tuesday
This week: Chinese hackers exploited ArcGIS, Internet-exposed call center software under attack, October patch Tuesday, Massachusetts student sentenced for $3 million extortion hack, New York fined eight insurers $14.2M over data breaches, more than 100 VS Code extensions leak secrets.

Synthetic Identities for Superprime Borrowers Generate 3 Times Higher Fraud Losses
Auto lenders operate on a simple principle - the higher a borrower's credit score, the lower the risk. But new data from TransUnion reveals a troubling contradiction: Superprime borrowers with a credit score higher than 720 are generating three times more fraud losses than subprime borrowers.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Workshop on Binary Analysis Research (BAR) 2025, Session II appeared first on Security Boulevard.

Физики показали, что в мире атомов действуют свои правила.