Aggregator

How CSPs are Adapting to the Threat Landscape and Meeting new Cybersecurity Challenges

Russian money laundering networks uncovered linking narco traffickers, ransomware gangs and Kremlin spies

A vulnerability was found in qiwen-file 1.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mapper/NoticeMapper.xml. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-50942. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-11959. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2024-11960. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. This vulnerability is known as CVE-2024-11962. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Affected by this issue is some unknown functionality of the file /admin/room.php. The manipulation of the argument troom leads to sql injection. This vulnerability is handled as CVE-2024-11963. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. This vulnerability is uniquely identified as CVE-2024-11964. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. This vulnerability was named CVE-2024-11965. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The identification of this vulnerability is CVE-2024-11966. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-11860. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Bypassing WAFs with the phantom $Version cookie

Physical Machine Equivalent to TryHackMe/Hack The Box/Pentest Garage/etc?

A vulnerability was found in Apache Struts 2.0.14/2.2.3 and classified as critical. This issue affects some unknown processing of the file struts2-showcase/person/editPerson.action of the component struts2-showcase/person/editPerson.action. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2012-1006. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Six password takeaways from the updated NIST cybersecurity framework

Japan warns of IO-Data zero-day router flaws exploited in attacks

Veeam addressed critical Service Provider Console (VSPC) bug

DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs

Bypassing WAFs with the phantom $Version cookie

​Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...]