Aggregator

A vulnerability classified as critical has been found in WooCommerce Multiple Free Gift Plugin up to 1.2.3 on WordPress. This affects an unknown part. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2022-3459. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in FOX Plugin up to 1.4.2.1 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-8271. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Tenda FH451 1.0.0.9. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-46047. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Tenda FH451 1.0.0.9. It has been classified as critical. Affected is the function formexeCommand. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-46048. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda FH451 1.0.0.9 and classified as critical. This issue affects the function RouteStatic. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-46046. The attack may be initiated remotely. Furthermore, there is an exploit available.

Authors/Presenters:Zichen Gui, Kenneth G. Paterson, Tianxin Tang

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption appeared first on Security Boulevard.

AI 技术之外，最重要还是找准用户需求。

AI 技术之外，最重要还是找准用户需求。

与其卷基础大模型，不如先构建智能体赚钱活下去。

Как правоохранители смогли разоблачить масштабную криминальную сеть?

A vulnerability was found in Vendormate Mobile 3.0 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-6701. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in gnuedu and classified as critical. This vulnerability affects unknown code of the file web/lom.php. The manipulation of the argument ETCDIR leads to code injection. This vulnerability was named CVE-2007-2609. The attack can be initiated remotely. Furthermore, there is an exploit available.

Компания отказалась платить выкуп за украденные файлы.

Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution with a CVSS score of 9.8. In this post we detail the internal workings of this vulnerability. Our POC can be found here. We would like to credit @SinSinology with the discovery of this vulnerability. AgentPortal The ZDI advisory told us exactly where to look for the vulnerability. A service named AgentPortal. A quick search shows us that we can find the file at C:\Program Files\LanDesk\ManagementSuite\AgentPortal.exe. Upon further investigation, we find that it is a .NET binary. After loading AgentPortal.exe into JetBrains dotPeek for decompilation, we find that its not a very complicated program. It’s main responsibility is creating a .NET Remoting service for the IAgentPortal interface. IAgentPortal Interface The IAgentPortal interface is pretty simple, it consists of functions to create Requests and other functions to get the results and check the status of those requests. Digging into what kind of requests we can make, we find the ActionEnum enum. We are immediately drawn to the RunProgram option. The handler […]

The post CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability appeared first on Horizon3.ai.

The post CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability appeared first on Security Boulevard.

A vulnerability has been found in NBA Game Time 2013-2014 4.11 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6700. The attack needs to be initiated within the local network. There is no exploit available.

2024 年 Ig 诺贝尔奖在 MIT 公布了结果。2020-2023 年的颁奖典礼因新冠疫情以在线方式举行，今年是过去五年首次恢复线下颁奖。获奖者没有差旅费补贴，需要自掏腰包。获奖者包括了：B.F. Skinner 因实验用鸽子为导弹制导而获得和平奖，这一实验距今有逾 60 年历史，接受领奖是他的女儿；Jacob White 和 Felipe Yamashita 因发现真实植物模仿人造塑料植物形状的证据而获得植物学奖；Marjolaine Willems 等人因研究北半球居民的头发漩涡方向是否与南半球居民相同而获得解剖学奖；Lieven A. Schenk 等人因发现引起痛苦副作用的假药比不会引起痛苦的假药更有效而获得医学奖；日本东京医科齿科大学教授武部贵则团队因发现哺乳动物也能用肛门呼吸而获得生理学奖；František Barto 等人通过研究逾 30 万次抛硬币证明掉落时的面更可能与抛起时的面相同而获得概率奖；Saul Justin Newman 发现以长寿著称的人更可能生活在出生和死亡记录糟糕的地方而获得人口统计学奖。