383 matches found
MAL-2024-6460 Malicious code in activemodel-behavior-validator (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-6129
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
CVE-2024-6128
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
CVE-2024-6129
CVE-2024-6129 affects spa-cartcms 1.9.0.6, specifically the Username Handler component’s /login function where manipulating the email argument causes observable behavior differences. All connected sources confirm remote exposure with high attack complexity and a disclosed exploit; exploitation st...
CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
CVE-2024-6128
Spa-Cartcms (spa-cartcms) v1.9.0.6 Checkout Page has a vulnerability in the /checkout processing where manipulating the quantity argument with -10 enforces a behavioral workflow. The issue is remotely triggerable and publicly disclosed. The PT-2024-37404 entry provides concrete details and recomm...
Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report...
Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack
By Deeba Ahmed Veriti Research exposes surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself. This is a post from HackRead.com Read the original post: Androxgh0st Malware...
Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control C2...
Navigating the Waters of Generative AI
Part I: The Good and the Bad of AI Few would argue that 2023 was the year AI, specifically generative AI Gen AI like ChatGPT, was discussed everywhere. In October, Forrester published a report about how security tools will leverage AI. The findings in that report showed that Gen AI would augment...
Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions
By Owais Sultan Beneath the surface of those analytical gear lies a crucial element that regularly shapes the future of investments… This is a post from HackRead.com Read the original post: Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions...
Wallarm’s Crusade Against Rising Credential Stuffing Threats
Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for...
Chatbots and Human Conversation
For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...
CVE-2023-5921
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...
CVE-2023-5921
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396...
CVE-2023-5921
CVE-2023-5921 affects DECE Software Geodi prior to version 8.0.0.27396. The issue is described as an improper enforcement of behavioral workflow that allows a functionality bypass . The material explicitly ties this to Geodi and a version boundary; no exploit details are provided. The recommended...
CVE-2023-5921 Function Bypass in Geodi
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...
DECE Software Geodi Security Vulnerability
DECE Software Geodi is DECE Software's semantic search, GIS and discovery platform based on artificial intelligence and natural language processing. A security vulnerability exists in DECE Software Geodi versions prior to 8.0.0.27396 that stems from the presence of a behavioral workflow execution...