Y&k Iletisim Formu Security Vulnerabilities

apple

About the security content of macOS Sonoma 14.4

About the security content of macOS Sonoma 14.4 This document describes the security content of macOS Sonoma 14.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

8.6 CVSS

8.9 AI Score

0.963 EPSS

2024-03-07 12:00 AM
30
kitploit

SharpCovertTube - Youtube As Covert-Channel - Control Windows Systems Remotely And Execute Commands By Uploading Videos To Youtube

SharpCovertTube is a program created to control Windows systems remotely by uploading videos to Youtube. The program monitors a Youtube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos can use...

7.8 AI Score

2024-03-06 11:30 AM
19
osv

BIT-tensorflow-2021-37657

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixDiagV*. The implementation has incomplete validation that the value of k is a...

7.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-03-06 11:17 AM
7
osv

BIT-tensorflow-2021-37658

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw_ops.MatrixSetDiagV*. The implementation has incomplete validation that the value of k is a...

7.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-03-06 11:17 AM
4
osv

BIT-seopanel-2021-39413

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php;....

6.1 CVSS

6.2 AI Score

0.001 EPSS

2024-03-06 11:05 AM
5
osv

BIT-resourcespace-2021-41765

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including us...

9.8 CVSS

8.9 AI Score

0.062 EPSS

2024-03-06 11:04 AM
5
osv

BIT-resourcespace-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k...

6.5 CVSS

7 AI Score

0.001 EPSS

2024-03-06 11:03 AM
2
packetstorm

7.4 AI Score

0.0004 EPSS

2024-03-06 12:00 AM
164
zdt

Artica Proxy 4.50 Unauthenticated PHP Deserialization Vulnerability

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is...

7.9 AI Score

0.005 EPSS

2024-03-06 12:00 AM
155
packetstorm

7.4 AI Score

0.005 EPSS

2024-03-06 12:00 AM
165
zdt

7.2 AI Score

0.0004 EPSS

2024-03-06 12:00 AM
131
zdt

Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation Vulnerability

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to...

7.5 AI Score

0.0004 EPSS

2024-03-06 12:00 AM
139
packetstorm

7.4 AI Score

0.0004 EPSS

2024-03-06 12:00 AM
131
openbugbounty

k-report.net Cross Site Scripting vulnerability OBB-3865444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-05 11:39 PM
6
cve

CVE-2023-7103

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through...

9.8 CVSS

9.4 AI Score

0.001 EPSS

2024-03-05 01:15 PM
31
nvd

CVE-2023-7103

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2024-03-05 01:15 PM
korelogic

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.50 Platform: Debian 10 LTS CWE Classification: CWE-502 Deserialization of Untrusted Data CVE ID: CVE-2024-2054 Vulnerability Description The Artica Proxy administrative web application will...

8.3 AI Score

0.005 EPSS

2024-03-05 12:00 AM
30
korelogic

Artica Proxy Unauthenticated File Manager Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel, CWE-552: Files or Directories...

7.5 AI Score

0.0004 EPSS

2024-03-05 12:00 AM
8
apple

About the security content of iOS 17.4 and iPadOS 17.4

About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

7.8 CVSS

8.9 AI Score

0.002 EPSS

2024-03-05 12:00 AM
12
korelogic

Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-23: Relative Path Traversal CVE ID: CVE-2024-2053 Vulnerability Description The Artica Proxy administrative web application attempts...

6.9 AI Score

0.0004 EPSS

2024-03-05 12:00 AM
2
openvas

openSUSE: Security Advisory for wdiff (openSUSE-SU-2022:10031-1)

The remote host is missing an update for...

6.5 AI Score

0.0004 EPSS

2024-03-04 12:00 AM
3
openvas

openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2022:2177-1)

The remote host is missing an update for...

7.8 CVSS

7.8 AI Score

EPSS

2024-03-04 12:00 AM
openvas

openSUSE: Security Advisory for iperf (SUSE-SU-2023:3887-1)

The remote host is missing an update for...

7.5 CVSS

7.8 AI Score

0.003 EPSS

2024-03-04 12:00 AM
2
packetstorm

7.4 AI Score

2024-03-04 12:00 AM
46
exploitdb

7.4 AI Score

2024-03-03 12:00 AM
82
rapid7blog

Metasploit Weekly Wrap-Up 03/01/2024

Connect the dots from authentication bypass to remote code execution This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in ConnectWise ScreenConnect to achieve remote code execution. This vulnerability, CVE-2024-1709, affects all...

10 CVSS

9 AI Score

0.946 EPSS

2024-03-01 08:00 PM
13
kitploit

LeakSearch - Search & Parse Password Leaks

LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. In addition,.....

7.3 AI Score

2024-02-29 11:30 PM
53
malwarebytes

Change Healthcare outages reportedly caused by ransomware

On Wednesday February 21, 2024, Change Healthcare—a subsidiary of UnitedHealth Group—experienced serious system outages due to a cyberattack. In a Form 8-K filing the company said it: “identified a suspected nation-state associated cyber security threat actor had gained access to some of the...

7.1 AI Score

2024-02-28 11:41 AM
12
packetstorm

7.4 AI Score

2024-02-27 12:00 AM
93
openbugbounty

k-tales.ru Cross Site Scripting vulnerability OBB-3859637

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-02-26 11:59 AM
6
nuclei

IBM Operational Decision Manager - Java Deserialization

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to...

9.8 CVSS

8.9 AI Score

0.489 EPSS

2024-02-22 11:11 AM
13
githubexploit

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...

10 CVSS

8.6 AI Score

0.001 EPSS

2024-02-22 10:53 AM
310
packetstorm

7.4 AI Score

2024-02-21 12:00 AM
115
githubexploit

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...

10 CVSS

9.9 AI Score

0.001 EPSS

2024-02-20 08:16 PM
260
krebs

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's...

9.8 CVSS

6.4 AI Score

0.001 EPSS

2024-02-20 05:09 PM
14
talos

Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability

Talos Vulnerability Report TALOS-2023-1829 Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability February 20, 2024 CVE Number CVE-2023-38562 SUMMARY A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A.....

8.7 CVSS

7.4 AI Score

0.0004 EPSS

2024-02-20 12:00 AM
8
talos

The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability

Talos Vulnerability Report TALOS-2024-1919 The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability February 20, 2024 CVE Number CVE-2024-23809 SUMMARY A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project...

9.8 CVSS

7.5 AI Score

0.001 EPSS

2024-02-20 12:00 AM
6
talos

The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1925 The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-23606 SUMMARY An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project...

9.8 CVSS

7.7 AI Score

0.001 EPSS

2024-02-20 12:00 AM
6
packetstorm

7.4 AI Score

2024-02-20 12:00 AM
101
talos

The Biosig Project libbiosig .egi parsing heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1920 The Biosig Project libbiosig .egi parsing heap-based buffer overflow vulnerability February 20, 2024 CVE Number CVE-2024-21795 SUMMARY A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig...

9.8 CVSS

7.9 AI Score

0.001 EPSS

2024-02-20 12:00 AM
5
cve

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5 CVSS

7.2 AI Score

0.0004 EPSS

2024-02-19 10:15 PM
181
thn

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and...

9.8 CVSS

9.9 AI Score

0.074 EPSS

2024-02-19 10:29 AM
27
zdt

6.1 CVSS

7.1 AI Score

0.0005 EPSS

2024-02-17 12:00 AM
131
nvd

CVE-2023-6255

Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before...

7.5 CVSS

7.6 AI Score

0.0004 EPSS

2024-02-15 04:15 PM
Total number of security vulnerabilities: 29023