Aggregator

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been rated as critical. Affected by this issue is the function get_rrd of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-51300. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been declared as critical. Affected by this vulnerability is the function dumpSyslog of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51299. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been classified as critical. Affected is the function doGRETunnel of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-51298. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Draytek Vigor 3900 1.5.1.3 and classified as critical. This issue affects the function pingtrace of the file mainfunction.cgi. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-51296. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Draytek Vigor 3900 1.5.1.3 and classified as critical. This vulnerability affects the function ldap_search_dn of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability was named CVE-2024-51304. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Eclipse Mosquitto up to 2.0.18. This affects an unknown part of the component PUBLISH Packet Handler. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-3935. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Eclipse Mosquitto up to 2.0.18. Affected by this issue is the function on_subscribe of the component SUBACK Packet Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-10525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.

The holiday season is right around the corner—and consumer trends continue to show that spending during holiday shopping periods is higher than at any other time of year. With this increased spending comes the heightened need for reliable banking services. From credit card and debit card authorizations to deposits and...

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-10349. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10348. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.

Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.

Компания запускает программу Bug Bounty для поиска уязвимостей.

A vulnerability classified as critical has been found in Apple macOS up to 10.12.3. This affects an unknown part of the component Kernel. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-2473. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a

With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longer a nice to have, it’s a criticality. Without a proactive approach, your APIs could become easy targets for attackers. StackHawk is here to flip the script by offering a proactive, Shift-left API security solution that helps organizations secure their APIs from the start, not after it’s too late. StackHawk’s platform … More →

The post Product showcase: Shift API security left with StackHawk appeared first on Help Net Security.

malloc_init_state_attack

jndi +反序列化攻击绕过 jdk 限制技术学习