Aggregator

Submit #543273: Project Worlds Online Lawyer Management System 1.0 SQL injection [Accepted]

Vuldb Submit

3 months 4 weeks ago

Submit #543273 / VDB-303130

pyj2cve

Submit #543272: Project Worlds Online Lawyer Management System 1.0 SQL injection [Duplicate]

Vuldb Submit

3 months 4 weeks ago

Submit #543272 / VDB-303129

pyj2cve

Submit #543271: Project Worlds Online Lawyer Management System 1.0 SQL injection [Accepted]

Vuldb Submit

3 months 4 weeks ago

Submit #543271 / VDB-303129

pyj2cve

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

The Hackers News

3 months 4 weeks ago

Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by

The Hacker News

Вместо своих детей — 20 чужих: последствия неудачного обновления

Securitylab.ru

3 months 4 weeks ago

Обновление системы T-Mobile привело к утечке геолокации несовершеннолетних.

1touch.io helps organizations safeguard sensitive data

Help Net Security

3 months 4 weeks ago

1touch.io launched the next-generation Enterprise Data Security Posture Management (DSPM) platform, a solution designed specifically for hybrid, multi-cloud, on-premises, and mainframe environments. By integrating continuous data discovery, real-time access intelligence, AI-powered risk prioritization, and policy-driven orchestration into a unified platform, 1touch.io delivers business value to organizations by reducing security risks, optimizing compliance operations, and enabling digital transformation at scale. Traditional DSPM tools rely on periodic snapshots and limited datasets, leaving security teams overwhelmed and organizations … More →

The post 1touch.io helps organizations safeguard sensitive data appeared first on Help Net Security.

Industry News

CVE-2025-3169 | Projeqtor up to 12.0.2 /tool/saveAttachment.php attachmentFiles unrestricted upload

VulDB Recent Entries

3 months 4 weeks ago

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. This vulnerability is handled as CVE-2025-3169. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web."

vuldb.com

CVE-2013-2009 | WP Super Cache Plugin 1.2 on WordPress improper authentication (EDB-38494 / XFDB-83799)

Vuldb Updates

3 months 4 weeks ago

A vulnerability was found in WP Super Cache Plugin 1.2 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2013-2009. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

PorteuX 2.0 释出

Solidot

3 months 4 weeks ago

基于 Slackware Linux 的发行版 PorteuX 释出了 v2.0 版本。PorteuX 有两种版本，其一是稳定版 stable，其二是滚动更新版 current。PorteuX 2.0 主要变化包括：Cinnamon、LXQt 和 Xfce 桌面环境引入实验性的 Wayland 会话功能(退出后从登录屏幕右上角第一个图标中选择 Wayland 会话)，Linux 6.14，英伟达驱动更新到 570.133.07，Cinnamon 6.4.9 (仅限 current)，GNOME 48.0 (仅限 current)，KDE 6.3.3(仅限 current)，等等。