Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

cvelist
cvelist

CVE-2024-5516 itsourcecode Online Blood Bank Management System massage.php sql injection

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-30 01:31 PM
vulnrichment
vulnrichment

CVE-2024-5516 itsourcecode Online Blood Bank Management System massage.php sql injection

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-30 01:31 PM
1
thn
thn

Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware

Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame. "The actions focused on disrupting...

7.2AI Score

2024-05-30 10:40 AM
4
malwarebytes
malwarebytes

The Ticketmaster “breach”—what you need to know

Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users. The data was offered for sale on one forum under the name "Shiny Hunters". ShinyHunters is the online handle for.....

7.3AI Score

2024-05-30 10:26 AM
5
thn
thn

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...

7.5AI Score

2024-05-30 08:55 AM
1
thn
thn

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing...

7.6AI Score

2024-05-30 06:52 AM
1
nessus
nessus

FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...

8.8CVSS

6.4AI Score

0.003EPSS

2024-05-30 12:00 AM
ubuntucve
ubuntucve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

7.1AI Score

0.0004EPSS

2024-05-30 12:00 AM
wpvulndb
wpvulndb

WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce < 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

Description The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.7AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
nessus
nessus

FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
krebs
krebs

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...

7.4AI Score

2024-05-29 07:21 PM
6
thn
thn

Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha. The malware is "specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and]...

7.7AI Score

2024-05-29 02:58 PM
2
malwarebytes
malwarebytes

Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap?

Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once...

7.3AI Score

2024-05-29 01:06 PM
10
thn
thn

U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams

The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in...

7.2AI Score

2024-05-29 11:50 AM
1
thn
thn

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the...

7.4AI Score

2024-05-29 07:11 AM
6
veracode
veracode

Path Traversal

org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended...

8.3CVSS

6.6AI Score

0.0004EPSS

2024-05-29 07:10 AM
3
nvd
nvd

CVE-2024-5437

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

3.5CVSS

3.7AI Score

0.0004EPSS

2024-05-29 12:15 AM
cve
cve

CVE-2024-5437

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

3.5CVSS

6.2AI Score

0.0004EPSS

2024-05-29 12:15 AM
1
nessus
nessus

FreeBSD : OpenSSL -- Use after free vulnerability (73a697d7-1d0f-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 73a697d7-1d0f-11ef-a490-84a93843eb75 advisory. The OpenSSL project reports: Use After Free with SSL_free_buffers (low). Calling the OpenSSL API...

6.6AI Score

EPSS

2024-05-29 12:00 AM
2
vulnrichment
vulnrichment

CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

3.5CVSS

6.2AI Score

0.0004EPSS

2024-05-28 11:31 PM
1
cvelist
cvelist

CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

3.5CVSS

3.7AI Score

0.0004EPSS

2024-05-28 11:31 PM
2
krebs
krebs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

7.3AI Score

2024-05-28 08:38 PM
14
malwarebytes
malwarebytes

pcTattletale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...

7.2AI Score

2024-05-28 08:35 PM
9
osv
osv

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

9AI Score

EPSS

2024-05-28 08:20 PM
2
github
github

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

9AI Score

EPSS

2024-05-28 08:20 PM
3
metasploit
metasploit

WordPress Hash Form Plugin RCE

The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the file_upload_action function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload....

8.4AI Score

2024-05-28 04:27 PM
24
osv
osv

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

8.3CVSS

6.3AI Score

0.0004EPSS

2024-05-28 03:47 PM
5
github
github

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

8.3CVSS

6.7AI Score

0.0004EPSS

2024-05-28 03:47 PM
11
cve
cve

CVE-2024-5428

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site...

4.3CVSS

7.1AI Score

0.0004EPSS

2024-05-28 02:15 PM
1
nvd
nvd

CVE-2024-5428

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-28 02:15 PM
cvelist
cvelist

CVE-2024-5428 SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-28 01:31 PM
1
thn
thn

Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...

7.5AI Score

2024-05-28 12:50 PM
3
cvelist
cvelist

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

8.3CVSS

8.1AI Score

0.0004EPSS

2024-05-27 04:11 PM
1
hackread
hackread

Hajj Pilgrimage Hit by Extensive Phishing and Data Theft Scams

By Waqas Planning to perform Hajj this year? Ensure your journey to Saudi Arabia is secure and avoid online scams that could jeopardize your life savings and personal data. This is a post from HackRead.com Read the original post: Hajj Pilgrimage Hit by Extensive Phishing and Data Theft...

7.2AI Score

2024-05-27 01:19 PM
4
securelist
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
9
thn
thn

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the...

7AI Score

2024-05-27 12:12 PM
1
redhatcve
redhatcve

CVE-2021-47553

In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the....

6.9AI Score

0.0004EPSS

2024-05-27 09:56 AM
1
malwarebytes
malwarebytes

A week in security (May 20 &#8211; May 26)

Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI "Recall" feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a...

7.3AI Score

2024-05-27 07:24 AM
5
thn
thn

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...

7.6AI Score

2024-05-27 06:31 AM
1
nvd
nvd

CVE-2024-5395

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-27 03:15 AM
cve
cve

CVE-2024-5395

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-27 03:15 AM
25
nvd
nvd

CVE-2024-5397

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-27 03:15 AM
nvd
nvd

CVE-2024-5396

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-27 03:15 AM
cve
cve

CVE-2024-5397

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-27 03:15 AM
23
cve
cve

CVE-2024-5396

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-27 03:15 AM
24
cvelist
cvelist

CVE-2024-5397 itsourcecode Online Student Enrollment System instructorSubjects.php sql injection

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-27 03:00 AM
vulnrichment
vulnrichment

CVE-2024-5397 itsourcecode Online Student Enrollment System instructorSubjects.php sql injection

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-27 03:00 AM
cvelist
cvelist

CVE-2024-5396 itsourcecode Online Student Enrollment System newfaculty.php sql injection

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-27 02:31 AM
vulnrichment
vulnrichment

CVE-2024-5396 itsourcecode Online Student Enrollment System newfaculty.php sql injection

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-27 02:31 AM
Total number of security vulnerabilities42684