Aggregator

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. This vulnerability was named CVE-2024-10655. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. This issue affects some unknown processing of the file /pda/meeting/apply.php. The manipulation of the argument mr_id leads to sql injection. The identification of this vulnerability is CVE-2024-10656. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Floodlight SDN Open Flow Controller 1.2. This vulnerability affects unknown code of the component LLDP Packet Handler. The manipulation leads to Local Privilege Escalation. This vulnerability was named CVE-2024-51406. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as problematic was found in oasys 1.1. Affected by this vulnerability is an unknown functionality of the file /logins. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-48270. The attack needs to be done within the local network. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Floodlight SDN OpenFlow Controller 1.2. This affects an unknown part of the component Broadcast Port Handler. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-51407. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. This vulnerability was named CVE-2024-10598. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2024-10599. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. This vulnerability is traded as CVE-2024-10600. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. This vulnerability is known as CVE-2024-10601. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. This vulnerability is handled as CVE-2024-10602. The attack may be launched remotely. Furthermore, there is an exploit available.

Meta 的核能数据中心计划受阻于稀有蜜蜂物种。报道没有披露蜜蜂物种名称。Meta 原计划与一家核电运营商达成协议，为其 AI 数据中心提供零排放核电。但该计划面临多个复杂因素，包括环境和监管挑战。原因是为该项目预留的土地上发现了一种稀有的蜜蜂物种。知情人士透露，扎克伯格（Mark Zuckerberg）上周在 Meta 全体会议上称，数据中心设施预计将建造的地点附近发现了罕见蜜蜂。

Submit #429558 / VDB-283088

Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits. As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices worldwide. The November 5, 2024, security patch is designed to tackle a broad spectrum of […]

The post Google Patched 40 Security Vulnerabilities Along With Two Zero-Days appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-3848. The attack may be initiated remotely. Furthermore, there is an exploit available. We tried to contact the vendor early about the disclosure but the official mail address was not working properly. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Швейцарские инженеры создали гибкого робота для работы в недоступных местах.

Cybercriminals are exploiting DocuSign’s APIs to send highly authentic-looking fake invoices, while DocuSign’s forums have reported a rise in such fraudulent campaigns in recent months. Unlike typical phishing scams that rely on spoofed emails and malicious links, these attacks use legitimate DocuSign accounts and templates to mimic reputable companies, according to a Wallarm report. By..

The post Hackers Exploit DocuSign APIs for Phishing Campaign appeared first on Security Boulevard.

A vulnerability was found in Ultimate Bootstrap Elements for Elementor Plugin up to 1.4.6 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-10329. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Pods Plugin up to 3.2.7.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9883. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Post From Frontend Plugin up to 1.0.0 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-9689. It is possible to initiate the attack remotely. There is no exploit available.

免责声明：请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。如有侵权烦请后台告知，我们会立即删除并致歉。谢谢HTTP缓存概述 缓存是一种技术，它存储给定资源的副本