Aggregator

A vulnerability was found in Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Apache Groovy. The manipulation leads to deserialization. This vulnerability is handled as CVE-2016-6814. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Agile PLM MCAD Connector 3.4/3.5/3.6. It has been classified as very critical. This affects an unknown part of the component CAX Client. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2016-6814. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. Google patches actively exploited Android vulnerability (CVE-2024-43093) Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: … More →

The post Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability appeared first on Help Net Security.

Faced with a critical system failure, would you choose a month without MFA or data backups? Explore the consequences of each in this risk management exercise.

The post Go Without MFA or Data Backups: Which is Worse? | Grip appeared first on Security Boulevard.

See how the Grip-ServiceNow integration enhances ITSM by identifying and managing shadow SaaS, reducing costs, boosting efficiency, and strengthening security.

The post Extend ServiceNow ITSM to Manage Shadow SaaS Risk | Grip appeared first on Security Boulevard.

ISPs face a few unique challenges and risks when it comes to DDoS attacks. Their size and complexity make them bigger targets for hackers, while their unique structural features require more tailored defenses.   ISPs can be both direct targets of hackers and targets-by-association, as they host hundreds or thousands of customers – large companies, banks, […]

The post DDoS Attacks Targeting ISPs are Different – Here’s How appeared first on Security Boulevard.

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-11061. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-11060. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #440825 / VDB-283807

Submit #440344 / VDB-283806

美军官员和学者研析网络部队生成的创新解决方案

A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-11059. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-11058. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #440337 / VDB-283805

A vulnerability was found in 10Web Form Maker Plugin up to 1.15.30 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument add_query_arg leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10265. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP Photo Album Plus Plugin up to 8.8.08.007 on WordPress and classified as critical. Affected by this issue is the function getshortcodedrenderedfenodelay of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-10958. The attack may be launched remotely. There is no exploit available.

Submit #439683 / VDB-283804

微软确认「邮件和日历」应用将于今年 12 月 31 日停用；荣耀 Magic7 系列打破荣耀历史所有新机首销日销售额纪录；东风汽车发布全国产自主可控高性能车规级 MCU 芯片 DF30