X3 Hr & Payroll Security Vulnerabilities

Mageia: Security Advisory (MGASA-2024-0231)

The remote host is missing an update for...

U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to....

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...

Debian dla-3836 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3836 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3836-1 [email protected] ...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

Thunderbird vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

Oracle Linux 8 : glibc (ELSA-2024-12440)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12440 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)....

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....

Mageia: Security Advisory (MGASA-2024-0222)

The remote host is missing an update for...

glibc security update

[2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 ...

Payroll Management System 1.0 Remote Code Execution

...

hr-pua.com Cross Site Scripting vulnerability OBB-3935354

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Debian dsa-5711 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5711 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5711-1 [email protected] ...

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

glibc security update

An update is available for glibc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

glibc bug fix and enhancement update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10.....

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

AlmaLinux 9 : libreoffice (ALSA-2024:3835)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...

Rocky Linux 9 : libreoffice (RLSA-2024:3835)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3835 advisory. * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission...

Rocky Linux 9 : glibc (RLSA-2024:3339)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

Rocky Linux 8 : glibc (RLSA-2024:3344)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3344 advisory. * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion ...

[SECURITY] [DLA 3825-1] firefox-esr security update

Debian LTS Advisory DLA-3825-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 13, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.12.0esr-1~deb10u1 CVE...

Debian dla-3825 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3825 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3825-1 [email protected] ...

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2024-5898 itsourcecode Payroll Management System print_payroll.php sql injection

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

Debian dsa-5709 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5709 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5709-1 [email protected] ...

RHEL 9 : libreoffice (RHSA-2024:3835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

libreoffice security update

[7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols...

Oracle Linux 9 : libreoffice (ELSA-2024-3835)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3835 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols - Resolves: rhbz#2210193 CVE-2023-0950 Array Index...

Exploit for CVE-2024-30212

[![CVSS3][cvss3-shield]][cvss4-url]...

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them

_Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. _ In an...

Northwind Demo 1.0 Cross Site Scripting

...

Mageia: Security Advisory (MGASA-2024-0209)

The remote host is missing an update for...

Oracle Linux 8 : glibc (ELSA-2024-3344)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3344 advisory. [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...

Oracle Linux 8 : glibc (ELSA-2024-3269)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3269 advisory. [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <[email protected]> Tenable has extracted the...