Aggregator
CVE-2024-3885 | Premium Addons for Elementor Plugin up to 4.10.28 on WordPress cross site scripting
10 months 4 weeks ago
A vulnerability classified as problematic was found in Premium Addons for Elementor Plugin up to 4.10.28 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-3885. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-3819 | Jeg Elementor Kit Plugin up to 2.6.4 on WordPress JKit Banner cross site scripting
10 months 4 weeks ago
A vulnerability was found in Jeg Elementor Kit Plugin up to 2.6.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument JKit Banner leads to cross site scripting.
This vulnerability was named CVE-2024-3819. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-4203 | Premium Addons for Elementor Plugin up to 4.10.30 on WordPress cross site scripting
10 months 4 weeks ago
A vulnerability classified as problematic has been found in Premium Addons for Elementor Plugin up to 4.10.30 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-4203. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-4156 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.17 on WordPress eael_event_text_color cross site scripting (ID 3079406)
10 months 4 weeks ago
A vulnerability was found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.17 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument eael_event_text_color leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-4156. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-4003 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.15 on WordPress eael_team_members_image_rounded cross site scripting
10 months 4 weeks ago
A vulnerability was found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.15 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument eael_team_members_image_rounded leads to cross site scripting.
The identification of this vulnerability is CVE-2024-4003. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2023-43525 | Qualcomm Snapdragon Sound Model Data buffer overflow
10 months 4 weeks ago
A vulnerability was found in Qualcomm Snapdragon. It has been classified as critical. This affects an unknown part of the component Sound Model Data Handler. The manipulation leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2023-43525. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43526 | Qualcomm Snapdragon Listen Sound Model Client buffer overflow
10 months 4 weeks ago
A vulnerability was found in Qualcomm Snapdragon. It has been declared as critical. This vulnerability affects unknown code of the component Listen Sound Model Client. The manipulation leads to buffer overflow.
This vulnerability was named CVE-2023-43526. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-33119 | Qualcomm Snapdragon up to XR2 5G Platform VM toctou
10 months 4 weeks ago
A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon. This affects an unknown part of the component VM Handler. The manipulation leads to time-of-check time-of-use.
This vulnerability is uniquely identified as CVE-2023-33119. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43521 | Qualcomm Snapdragon up to XR2 5G Platform Listener use after free
10 months 4 weeks ago
A vulnerability has been found in Qualcomm Snapdragon and classified as critical. This vulnerability affects unknown code of the component Listener. The manipulation leads to use after free.
This vulnerability was named CVE-2023-43521. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43524 | Qualcomm Snapdragon up to XR2 5G Platform AHAL buffer overflow
10 months 4 weeks ago
A vulnerability was found in Qualcomm Snapdragon and classified as critical. This issue affects some unknown processing of the component AHAL. The manipulation leads to buffer overflow.
The identification of this vulnerability is CVE-2023-43524. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2020-8512 | Icewarp WebMail Server up to 11.4.4.1 /webmail/ color cross site scripting (ID 156103 / EDB-47988)
10 months 4 weeks ago
A vulnerability has been found in Icewarp WebMail Server up to 11.4.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /webmail/. The manipulation of the parameter color leads to cross site scripting.
This vulnerability is known as CVE-2020-8512. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Atropos: A Fuzzing Technique for Server-Side Vulnerabilities in Web Applications
10 months 4 weeks ago
Basic information. Original title: Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities. Original author: Emre Gül
Label giant Avery says its website was hacked to steal credit card information
10 months 4 weeks ago
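Compiled by HackerNews; please credit the source when reposting.
Avery Products Corporation is warning that its website was hacked, resulting in a data breach in which customers' credit card and personal information was stolen. Avery is a US company that manufactures and sells self-adhesive labels and apparel branding elements and provides printing services.
In a data breach notification sent to affected customers, Avery says it discovered the attack on December 9, 2024. An internal investigation with digital forensics experts found that the threat actor had planted a credit card skimmer on the company's online store domain, "avery.com", on July 18, 2024. As a result, sensitive payment information that customers entered on Avery's website between July 18 and December 9, 2024 was exposed to the threat actor.
"On December 9, 2024, Avery discovered a ransomware attack related to certain systems," the notification reads. "Avery immediately launched an investigation with the assistance of forensic experts to determine the nature and scope of the activity." "Our investigation revealed that an unauthorized intruder inserted malicious software on our website, avery.com, between July 18 and December 9, 2024, which was used to 'steal' credit card information."
The following data was exposed in the breach: name; billing and shipping address; email address; phone number; payment card number, security code (CVV) and expiration date; purchase amount. Information not exposed includes Social Security numbers, driver's license numbers, government-issued ID numbers and dates of birth. However, the exposed data is enough for criminals to conduct fraudulent transactions in victims' names and make unauthorized purchases on their accounts.
"We do not yet know whether fraudulent charges are related to the incident on our website, but it now appears that payment card (and other) information may have been stolen, because we received two customer emails indicating that they had incurred fraudulent charges or received phishing emails," the data breach notification continues. "This month we received multiple similar reports. We are therefore sending you this notice so that you can take steps to protect yourself."
According to the data breach entry on the Maine Attorney General's portal, the incident affected 61,193 Avery customers. To mitigate the risk, Avery is offering 12 months of free credit monitoring through Cyberscout. Notification recipients are also advised to be wary of unsolicited communications and to report any suspicious activity on their accounts to their bank and the relevant authorities immediately. Avery has also set up a dedicated line to answer customers' questions and concerns about the incident.
Source: Bleeping Computer; compiled by zhongx. This article was translated and edited by HackerNews.cc; the cover image is from the internet. When reposting, please credit "Reposted from HackerNews.cc" and attach the original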
hackernews