Azure File Sync Agent v17.3 Release – June 2024 (KB5039814)

Security Update for Azure File Sync agent version 17.3.0.0. For more details, see the associated Microsoft Knowledge Base article...

US residents targeted by utility scammers on Google

Back in February, we reported on malicious ads related to utility bills electricity, gas that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Checkpoint POC Exploit for testing purposes to retrieve sen...

CVE-2023-1111

A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2023-1111 FastCMS New Article Tab cross site scripting

A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2023-1111 FastCMS New Article Tab cross site scripting

A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been...

Ecshop 安全漏洞

ShopeX ECShop is an open source mall system of the Chinese business school ShopeX company . Support PC + H5 + APP + small program mall, source code free download experience, suitable for enterprise development and build mall. Ecshop 3.6 version of a security vulnerability, the vulnerability stems...

WordPress plugin EAN for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

2024-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)

Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

PT-2024-24463 · Logint · Logint Lomag Inventory Management

Name of the Vulnerable Software and Affected Versions: LOGINT LoMag Inventory Management versions 1.0.20.120 and before Description: The issue allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop, and frmSettings components. This is a SQL Injection...

CVE-2024-33338

Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request...

CVE-2024-33338

Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request...

jizhicms 安全漏洞

Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system CMS from Extreme Networks Technology, China. A security vulnerability exists in jizhicms version v.2.5.4. A remote attacker could exploit the vulnerability to obtain sensitive information via a specially...

CVE-2024-33338

Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request...

CVE-2024-33338

CVE-2024-33338 concerns jizhicms v2.5.4. The vulnerability is a Cross Site Scripting (XSS) flaw where content submitted via a crafted article publication request can disclose sensitive information. Red Hat and other sources corroborate XSS in jizhicms, noting that the content filtering happens cl...

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to...

PT-2024-25425 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 6.3.0 Description: An issue was discovered where the Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. This could allow an attacker to brute force these IDs and upload malicious conte...

CVE-2024-33668

An issue in Zammad prior to 6.3.0 affects the Upload Cache: insecure, partially guessable FormIDs identify content, enabling brute-force attempts to upload malicious content to article drafts the attacker cannot access. Impact is high (CVE-2024-33668) with the base CVSS v3.1 score of 9.1 (NETWORK...

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to...