Aggregator
CVE-2024-43383 | Apache Lucene.Net.Replicator up to 4.8.0-beta00016 deserialization
8 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Apache Lucene.Net.Replicator up to 4.8.0-beta00016. This issue affects some unknown processing. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2024-43383. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
22,000 servers at risk: how a CyberPanel vulnerability led to a mass ransomware attack
8 months 4 weeks ago
User data has ended up hostage to enterprising attackers.
Thunderbird for Android releases its first stable version
8 months 4 weeks ago
Thunderbird for Android has released its first stable version. The Android version of Thunderbird is derived from the open-source email client K-9 Mail, which joined the Thunderbird project in June 2022; it took more than two years from then to the official release of Thunderbird for Android. Users can download it from the Google Play Store, GitHub Releases, or the Thunderbird website; the open-source app store F-Droid will publish it later. The main features of Thunderbird for Android include: light/dark themes, OpenPGP encryption and decryption of mail via the OpenKeychain app, a unified inbox, enabling/disabling contact pictures, the choice of syncing mail immediately, at a set interval, or on demand, opting out of data usage collection to protect privacy, and more.
Check Point: key strategies for strengthening cloud security
8 months 4 weeks ago
Check Point
CVE-2024-10378 | ESAFENET CDG 5 CDGRenewApplicationService.java actionViewCDGRenewFile CDGRenewFileId sql injection
8 months 4 weeks ago
A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection.
This vulnerability is traded as CVE-2024-10378. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-50613 | libsndfile up to 1.2.2 mpeg_l3_encode.c mpeg_l3_encoder_close assertion
8 months 4 weeks ago
A vulnerability was found in libsndfile up to 1.2.2. It has been classified as problematic. Affected is the function mpeg_l3_encoder_close of the file mpeg_l3_encode.c. The manipulation leads to reachable assertion.
This vulnerability is traded as CVE-2024-50613. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2024-50487 | MaanTheme MaanStore API Plugin up to 1.0.1 on WordPress authentication bypass
8 months 4 weeks ago
A vulnerability classified as critical was found in MaanTheme MaanStore API Plugin up to 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel.
This vulnerability was named CVE-2024-50487. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-50492 | Scott Paterson ScottCart Plugin up to 1.1 on WordPress code injection
8 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Scott Paterson ScottCart Plugin up to 1.1 on WordPress. This issue affects some unknown processing. The manipulation leads to code injection.
The identification of this vulnerability is CVE-2024-50492. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-50498 | LUBUS WP Query Console Plugin up to 1.0 on WordPress code injection
8 months 4 weeks ago
A vulnerability has been found in LUBUS WP Query Console Plugin up to 1.0 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection.
This vulnerability is known as CVE-2024-50498. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-50489 | Realty Workstation Plugin up to 1.0.45 on WordPress authentication bypass
8 months 4 weeks ago
A vulnerability was found in Realty Workstation Plugin up to 1.0.45 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to authentication bypass using alternate channel.
This vulnerability is handled as CVE-2024-50489. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-50465 | WP SEO Premium SEO Pack Plugin up to 1.6.001 on WordPress sql injection
8 months 4 weeks ago
A vulnerability was found in WP SEO Premium SEO Pack Plugin up to 1.6.001 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection.
This vulnerability is known as CVE-2024-50465. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-50478 | Swoop 1-Click Login Plugin 1.4.5 on WordPress authentication bypass
8 months 4 weeks ago
A vulnerability was found in Swoop 1-Click Login Plugin 1.4.5 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to authentication bypass by primary weakness.
This vulnerability is handled as CVE-2024-50478. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-10438 | Sunnet eHRD CTMS up to 10.13 authentication bypass
8 months 4 weeks ago
A vulnerability classified as critical was found in Sunnet eHRD CTMS up to 10.13. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel.
This vulnerability was named CVE-2024-10438. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-10439 | Sunnet eHRD CTMS up to 10.7 authorization
8 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Sunnet eHRD CTMS up to 10.7. This issue affects some unknown processing. The manipulation leads to authorization bypass.
The identification of this vulnerability is CVE-2024-10439. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-10447 | Project Worlds Online Time Table Generator 1.0 staffdashboard.php?info=updateprofile n sql injection
8 months 4 weeks ago
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection.
This vulnerability is known as CVE-2024-10447. The attack can be launched remotely. There is no exploit available.
vuldb.com
Windows11 Wordwheelquery Woes
8 months 4 weeks ago
Recently one of my fellow SANS instructors, Mattia Epifani, noted that in Windows 11 23H2 the WordWheelQuery value is no longer populated. Time to do some testing! Forensafe has a nice article that describes the artefact. When I do a simple search in Explorer, it should populate a dropdown box in the search box; at […]
Phill Moore
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
8 months 4 weeks ago
QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387, which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability is a SQL injection (SQLi) issue that impacts QNAP's SMB Service. The researcher YingMuo […]
Pierluigi Paganini
Over 80% of US Small Businesses Have Been Breached
8 months 4 weeks ago
ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year
Former employee hacked Disney World restaurant menu software to alter allergy information
8 months 4 weeks ago
A disgruntled former Disney employee, Michael Scheuer, has been charged with repeatedly breaking into the third-party menu-creation software used by restaurants at Walt Disney World, altering the allergen information on menus to claim that foods containing peanuts were safe for people with peanut allergies, inserting profanity into menus, and changing all menu fonts to Wingdings. The indictment states that Michael Scheuer accessed these systems shortly after being fired, using a password that had not yet been revoked. Foods containing peanuts can be fatal to people with peanut allergies. According to the indictment, Disney discovered the problem before the tampered menus were printed and distributed to restaurants.