Aggregator

A vulnerability, which was classified as problematic, was found in South River Technologies Titan FTP Server up to 3.0. Affected is an unknown function of the component Disconnect Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2004-0437. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BEA WebLogic Server up to 8.1 SP2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2004-0471. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability was found in BEA WebLogic Server up to 8.1 SP2. It has been declared as critical. This vulnerability affects the function SecurityRoleAssignmentMBean.toXML of the component Access Restriction. The manipulation leads to improper privilege management. This vulnerability was named CVE-2004-0470. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Sun MySQL up to 4.0.20. It has been classified as problematic. Affected is an unknown function. The manipulation leads to symlink following. This vulnerability is traded as CVE-2004-0457. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to disable the affected component.

A vulnerability classified as critical was found in Opera Web Browser up to 7.49. Affected by this vulnerability is an unknown functionality of the component Argument Handler. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2004-0473. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server 1.3.x/2.0.x. It has been declared as critical. Affected by this vulnerability is the function ssl_util_uuencode_binary of the component mod_ssl. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2004-0488. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Symantec Norton AntiVirus 2004. Affected by this issue is some unknown functionality of the component ActiveX Control. The manipulation leads to denial of service. This vulnerability is handled as CVE-2004-0487. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Lotus Domino 5.0.12/6.5.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component URI Handler. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2004-0480. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Apache HTTP Server up to 2.0.50. It has been declared as problematic. This vulnerability affects unknown code of the component mod_ssl. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-0488. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Squid Proxy 2.5 Stable/3 Pre and classified as critical. Affected by this issue is some unknown functionality of the component NTLM Authentication Helper. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2004-0541. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Squid Proxy 2.5 Stable/3 Pre and classified as problematic. Affected by this vulnerability is the function ntlm_fetch_string of the component NTLM Authentication. The manipulation leads to denial of service. This vulnerability is known as CVE-2004-0541. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 18 - Win32k Elevation of Privilege Vulnerability

Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for more robust defenses as enterprises increasingly embed large language models into their workflows. During the […]

The post Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability appeared first on Cyber Security News.

A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler. The manipulation of the argument Request leads to improper access controls. This vulnerability is handled as CVE-2025-7552. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Лечиться препаратами с Земли — как пить кофе из микроволновки. Уже можно лучше.

OpenAI is reportedly preparing to release an artificial intelligence-enhanced web browser within the coming weeks, marking the company’s latest expansion beyond its popular ChatGPT platform. The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while […]

The post OpenAI is to Launch a AI Web Browser in Coming Weeks appeared first on Cyber Security News.

Submit #614976 / VDB-316249

A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with the malware being distributed directly through the official […]

The post WordPress GravityForms Plugin Hacked to Include Malicious Code appeared first on Cyber Security News.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-7551. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-7550. It is possible to launch the attack remotely. Furthermore, there is an exploit available.