Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. "Without timely action,...
Oracle Hit with Lawsuit Over Alleged Cloud Breach Affecting Millions
Oracle faces a class action lawsuit filed in Texas over a cloud data breach exposing sensitive data of 6M+ users; plaintiff alleges negligence and delays...
23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach
The genetic testing company 23andMe filed for bankruptcy on Sunday, announcing that, in searching for financial stability through its sale to a new owner, the business will continue operating as normal, including in how customer data is handled. “The company intends to continue operating its...
Roblox called “real-life nightmare for children” as Roblox and Discord sued
Last week it was reported that a lawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord. The court action—charging them with the facilitation of child predators and misleading parents into believing the platforms are safe to use for their children—centers...
CVE-2024-11238
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...
CVE-2024-10135 ESAFENET CDG NetSecConfigService.java actionDelNetSecConfig sql injection
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack...
CVE-2024-10134
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to SQL injection. The attack may be launched remotely. The...
CVE-2024-9003
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFileLoad.do of the component Attachment Handler. The manipulation of the argument oid leads to improper acce...
CVE-2024-8655
CVE-2024-8655 affects Mercury MNVR816 (up to 2.0.1.0.5). The issue concerns an unspecified part of the /web-static/ directory, allowing remote access to files or directories. The vulnerability enables an attacker to access files/directories over the network, with a network attack vector and no au...
CVE-2024-8577 TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. T...
City of Columbus tries to silence security researcher
The City of Columbus, Ohio is suing a security researcher for sharing stolen data. All the complaint will accomplish, we imagine, is spotlight the ignorance of certain city officials in handling a common security matter. What happened is that the City of Columbus was attacked by a ransomware grou...
CVE-2024-8229 Tenda O6 operateMacFilter frommacFilterModify stack-based overflow
A vulnerability was found in Tenda O6 1.0.0.72054. It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. T...
CVE-2024-8166
CVE-2024-8166 concerns Ruijie EG2000K 11.1(6)B2. The vulnerability is in an unknown code path of the file /tool/index.php?c=download&a=save, where manipulation of the parameter content leads to unrestricted file uploads. The issue is exploitable remotely and has been publicly disclosed. Connecte...
CVE-2024-7898 Tosei Online Store Management System ネット店舗管理システム Backend default credentials
A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been...
CVE-2024-7897
A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/toseikikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attac...
CVE-2024-7614
CVE-2024-7614 affects Tenda FH1206 1.2.0.8(8155). The vulnerability is in the function fromqossetting of the file /goform/qossetting, where manipulating the argument page causes a stack-based buffer overflow. This can be exploited remotely. Public disclosure exists. A practical workaround from PT...
CVE-2024-4245 Tenda i21 formQosManageDouble_user stack-based overflow
A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.144656. Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this...
CVE-2024-4064 Tenda AC8 execCommand R7WebsSecurityHandler stack-based overflow
A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely...
CVE-2024-4019
CVE-2024-4019 affects Byzoro Smart S80 Management Platform (up to 20240411). The vulnerability is in an unknown function of /importhtml.php, where manipulation of the sql argument leads to deserialization. It enables a remote attack and the exploit has been disclosed publicly. Multiple sources (N...
CVE-2024-2268
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /productupdate.php?update=1. The manipulation of the argument updateimage leads to unrestricted upload. It is possible to launch the attack...