Creativeitem Academy-LMS Security Vulnerability

Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A security vulnerability exists in Creativeitem Academy-LMS version v.6.8.1, which stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code and obtain sensitive informatio...

Learning Management System 安全漏洞

Learning Management System is itsourcecode open source a learning management system . Learning Management System version 1.0 suffers from a SQL injection vulnerability , the vulnerability stems from the application lack of validation of external input SQL statements . Attackers can use this...

PT-2024-27799 · Unknown · Learning Management System Project In Php With Source Code

Name of the Vulnerable Software and Affected Versions: Learning Management System Project In PHP With Source Code version 1.0 Description: The issue allows attackers to execute arbitrary SQL commands via the id parameter in the processscore.php file. This can lead to unauthorized access and...

CVE-2024-37870

CVE-2024-37870 describes a SQL injection in the Learning Management System Project In PHP With Source Code version 1.0, specifically in processscore.php. The root cause is unsanitized input passed via the id parameter, enabling an attacker to construct arbitrary SQL commands. Documented impacts i...

CVE-2024-37870

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter...

CVE-2024-38959

CVE-2024-38959 is a cross-site scripting vulnerability in Creativeitem Academy LMS Learning Management System v6.8.1 . The issue affects the handling of a string parameter , enabling a remote attacker to execute arbitrary code and access sensitive information . The description across multiple tru...

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

DEBIAN-CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

UBUNTU-CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVE-2024-3653

CVE-2024-3653 affects Undertow. The vulnerability arises when learning-push handler is enabled in server config (disabled by default); if maxAge is left at its default -1, the handler becomes vulnerable. An attacker with network access can reach the server with a normal HTTP request to exploit th...

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

New Mirai Botnet Variants Observed: How to Identify a Mirai-Style DDoS Attack

The Mirai Internet of Things IoT botnet, notorious for targeting connected household devices like cameras, alarm systems, and personal routers, continues evolving and poses significant cybersecurity threats. It has a history of executing massive DDoS attacks, including a major incident that...

Red Hat Undertow Security Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from an attack on the learning-push handler when it is enabled and the maxAge parameter is not...

PT-2024-27050 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow, which requires the learning-push handler to be enabled in the server's config. By default, this handler is disabled. If enabled and the maxAge config...

The Emerging Role of AI in Open-Source Intelligence

Recently the Office of the Director of National Intelligence ODNI unveiled a new strategy for open-source intelligence OSINT and referred to OSINT as the "INT of first resort". Public and private sector organizations are realizing the value that the discipline can provide but are also finding tha...

Exploit for CVE-2018-14714

CVE-2018-14714 RCE exploit ASUS wifi router RCE vulnerability...

CVE-2024-39326

SkillTree (before version 2.12.6) is affected by a CSRF vulnerability in the POST-capable endpoint /admin/projects/{projectname}/skills/{skillname}/video (and likely others). The issue arises because the endpoint lacks CSRF mitigations (no SameSite cookie flag or CSRF token) and can perform state...