EZ Media & Backup Center Ix2 Security Vulnerabilities

nvd

CVE-2024-4219

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...

9.1CVSS

5.2AI Score

0.001EPSS

2024-06-04 09:15 PM
1
nvd

CVE-2024-4220

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...

5.3CVSS

4.3AI Score

0.0005EPSS

2024-06-04 09:15 PM
1
cvelist

CVE-2024-4220 Information Disclosure in BeyondInsight

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...

4.3CVSS

4.3AI Score

0.0005EPSS

2024-06-04 08:13 PM
6
cvelist

CVE-2024-4219 SSRF In BeyondInsight

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...

4.8CVSS

5.2AI Score

0.001EPSS

2024-06-04 08:08 PM
1
wired

TikTok Hack Targets ‘High-Profile’ Users via DMs

TikTok has confirmed a “potential exploit” that is being used to go after accounts belonging to media organizations and celebrities, including CNN and Paris Hilton, through direct...

7.2AI Score

2024-06-04 06:11 PM
11
mssecure

AI jailbreaks: What they are and how they can be mitigated

Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used...

7.4AI Score

2024-06-04 05:00 PM
4
aix

AIX is vulnerable to denial of service due to ISC BIND

IBM SECURITY ADVISORY First Issued: Tue Jun 4 16:06:25 CDT 2024 | Updated: Wed Jun 5 08:17:08 CDT 2024 | Update: Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable. The most recent version of this document is available here:...

7.5CVSS

8.1AI Score

0.05EPSS

2024-06-04 04:06 PM
8
cve

CVE-2024-28999

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...

8.1CVSS

7.1AI Score

0.001EPSS

2024-06-04 03:15 PM
26
nvd

CVE-2024-29004

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...

4.8CVSS

6.7AI Score

0.0004EPSS

2024-06-04 03:15 PM
cve

CVE-2024-29004

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...

7.1CVSS

6.1AI Score

0.0004EPSS

2024-06-04 03:15 PM
24
nvd

CVE-2024-28999

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...

8.1CVSS

7AI Score

0.001EPSS

2024-06-04 03:15 PM
5
cve

CVE-2024-28996

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...

8.1CVSS

7.4AI Score

0.001EPSS

2024-06-04 03:15 PM
28
nvd

CVE-2024-28996

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...

8.1CVSS

7.9AI Score

0.001EPSS

2024-06-04 03:15 PM
vulnrichment

CVE-2024-29004 SolarWinds Platform Stored XSS Vulnerability

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...

7.1CVSS

6AI Score

0.0004EPSS

2024-06-04 02:53 PM
cvelist

CVE-2024-29004 SolarWinds Platform Stored XSS Vulnerability

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...

7.1CVSS

5.3AI Score

0.0004EPSS

2024-06-04 02:53 PM
12
vulnrichment

CVE-2024-28999 SolarWinds Platform Race Condition Vulnerability

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...

6.4CVSS

6.8AI Score

0.001EPSS

2024-06-04 02:51 PM
2
cvelist

CVE-2024-28999 SolarWinds Platform Race Condition Vulnerability

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...

6.4CVSS

8AI Score

0.001EPSS

2024-06-04 02:51 PM
4
cvelist

CVE-2024-28996 SolarWinds Platform SWQL Injection Vulnerability

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...

7.5CVSS

8.2AI Score

0.001EPSS

2024-06-04 02:49 PM
vulnrichment

CVE-2024-28996 SolarWinds Platform SWQL Injection Vulnerability

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...

7.5CVSS

7.1AI Score

0.001EPSS

2024-06-04 02:49 PM
cve

CVE-2024-35664

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...

7.1CVSS

7.2AI Score

0.0005EPSS

2024-06-04 02:15 PM
16
nvd

CVE-2024-35664

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...

6.1CVSS

7AI Score

0.0005EPSS

2024-06-04 02:15 PM
cvelist

CVE-2024-35664 WordPress WPvivid Backup for MainWP plugin <= 0.9.32 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...

7.1CVSS

6.5AI Score

0.0005EPSS

2024-06-04 01:54 PM
1
vulnrichment

CVE-2024-35664 WordPress WPvivid Backup for MainWP plugin <= 0.9.32 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...

7.1CVSS

7AI Score

0.0005EPSS

2024-06-04 01:54 PM
githubexploit

Exploit for CVE-2024-21683

CVE-2024-21683 On 21 May 2024, there was registered...

8.8CVSS

6.7AI Score

0.511EPSS

2024-06-04 12:00 PM
207
wired

Russians Love YouTube. That’s a Problem for the Kremlin

YouTube remains the only major US-based social media platform available in Russia. It’s become "indispensable" to everyday people, making a ban tricky. Journalists and dissidents are taking...

7.2AI Score

2024-06-04 09:00 AM
2
cve

CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

7AI Score

0.0005EPSS

2024-06-04 06:15 AM
1
nvd

CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 06:15 AM
cvelist

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 05:32 AM
2
vulnrichment

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 05:32 AM
veracode

Denial Of Service (DoS)

typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of size limits on media files (*.youtube and *.vimeo) in the TYPO3 backend, which results in large files consuming excessive system...

7AI Score

2024-06-04 04:20 AM
zdt

7.4AI Score

2024-06-04 12:00 AM
66
zdt

7.4AI Score

2024-06-04 12:00 AM
73
openvas

Mageia: Security Advisory (MGASA-2024-0205)

The remote host is missing an update for...

6.5AI Score

0.0004EPSS

2024-06-04 12:00 AM
2
zdt

7.4AI Score

2024-06-04 12:00 AM
58
wpvulndb

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author,.....

5.7AI Score

0.0004EPSS

2024-06-04 12:00 AM
wpexploit

Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...

6.1AI Score

0.0004EPSS

2024-06-04 12:00 AM
5
mageia

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: * High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-05-11 * High CVE-2024-5494: Use after free in Dawn. Reported by...

7.5AI Score

0.0004EPSS

2024-06-03 09:30 PM
15
mscve

Chromium: CVE-2024-5496 Use after free in Media Session

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.1AI Score

0.0004EPSS

2024-06-03 06:30 PM
3
ibm

Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details CVEID: CVE-2024-0914 DESCRIPTION: openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1...

5.9CVSS

6AI Score

0.001EPSS

2024-06-03 04:12 PM
3
malwarebytes

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

7.2AI Score

2024-06-03 02:55 PM
4
githubexploit

5.3CVSS

7.1AI Score

0.005EPSS

2024-06-03 02:21 PM
16
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

6.9AI Score

2024-06-03 11:06 AM
5
thn

SASE Threat Report: 8 Key Findings for Enterprise Security

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...

10CVSS

10AI Score

0.976EPSS

2024-06-03 10:56 AM
5
securelist

IT threat evolution Q1 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

7.8CVSS

6AI Score

0.003EPSS

2024-06-03 10:00 AM
8
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
6
aix

AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...

5.9CVSS

5.8AI Score

0.001EPSS

2024-06-03 08:50 AM
6
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

9.8CVSS

9.8AI Score

0.938EPSS

2024-06-03 08:22 AM
74
thn

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the...

7.5AI Score

2024-06-03 07:34 AM
4
msrc

Improved Guidance for Azure Network Service Tags

Summary Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution to the Azure...

7.2AI Score

2024-06-03 07:00 AM
8
Total number of security vulnerabilities: 150855