Aggregator

A vulnerability was found in Adobe Flash Player up to 9.0.124.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2007-6243. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks. What common misconceptions do you encounter about the distribution of responsibilities in a cloud environment, and how do these misunderstandings increase security risks? SaaS providers and their customers both care deeply about security, compliance, and meeting global regulations. However, SaaS is still relatively … More →

The post Who handles what? Common misconceptions about SaaS security responsibilities appeared first on Help Net Security.

Currently trending CVE - hypeScore: 1 - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.

Currently trending CVE - hypeScore: 1 - Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, t

Currently trending CVE - hypeScore: 1 - Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Currently trending CVE - hypeScore: 1 - Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you

Currently trending CVE - hypeScore: 1 - The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code exec

Currently trending CVE - hypeScore: 1 - A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized acces

Currently trending CVE - hypeScore: 1 - In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Currently trending CVE - hypeScore: 2 - Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Currently trending CVE - hypeScore: 2 - The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to inclu

Currently trending CVE - hypeScore: 9 - A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

I need help

A vulnerability was found in Ghlab Korean GHBoard and classified as problematic. This issue affects some unknown processing of the file download.jsp. The manipulation of the argument name leads to path traversal. The identification of this vulnerability is CVE-2007-5739. The attack may be initiated remotely. Furthermore, there is an exploit available.

November Zero-Day Phishing Threat Intel

A vulnerability classified as critical was found in Absoluteanime Prime Quick Style up to 1.2.2. This vulnerability affects unknown code. The manipulation of the argument prime_quick_style leads to sql injection. This vulnerability was named CVE-2009-3052. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Aksoft akPlayer 1.9.0. It has been declared as very critical. This vulnerability affects unknown code of the file plt. The manipulation leads to memory corruption. This vulnerability was named CVE-2009-3058. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Xstate Real Estate 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file page.html. The manipulation of the argument pid leads to sql injection. This vulnerability is handled as CVE-2009-4477. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Xstate Real Estate 1.0. This affects an unknown part of the file home.html. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2009-4478. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Jvitals Com Agora up to 3.0.0b. This issue affects some unknown processing of the file index.php. The manipulation of the argument action leads to path traversal. The identification of this vulnerability is CVE-2009-3053. The attack may be initiated remotely. Furthermore, there is an exploit available.