EUVD-2024-24362
Malicious code in bioql PyPI...
EUVD-2024-24363
Malicious code in bioql PyPI...
SoK: Measuring What Matters for Closed-Loop Security Agents
Cybersecurity is a relentless arms race, with AI driven offensive systems evolving faster than traditional defenses can adapt. Research and tooling remain fragmented across isolated defensive functions, creating blind spots that adversaries exploit. Autonomous agents capable of integrating, explo...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2024-27112
An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...
CVE-2024-27114
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...
CVE-2024-27115
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...
CVE-2024-27112
An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
PT-2024-4972 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 On-Premises (affected versions not specified). Description: The issue is related to improper authorization in the local software tool for resource planning in Microsoft Dynamics 365 On-Premises. Exploitation of this issue...
Grow, Develop, and Impact More Than Just Your Career: Software Engineering at Rapid7 Belfast
Growth and learning – in any career at any level – are imperative for job satisfaction and company commitment. While it is necessary to have inherent curiosity as well as a desire to grow and achieve, it is also important to work for an organization that encourages and enables this curiosity and...
SOPlanning Cross-Site Request Forgery Vulnerability (CNVD-2020-10484)
SOPlanning is an online planning tool for efficiently organizing projects and tasks. SOPlanning 1.45 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to arbitrarily change the administrator password via process/xajaxserver.php...
SOPlanning SQL Injection Vulnerability
SOPlanning is an online planning tool. A SQL injection vulnerability exists in SOPlanning version 1.45. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the vulnerability to execute illegal SQL commands...
Security Bulletin: IBM System Planning Tool for POWER processor-based systems (TESTING NOTIFICATION)
Summary IBM System Planning Tool for POWER processor-based systems Vulnerability Details Overview Download Releases Support Current version IBM System Planning Tool - Version 6.18.047.0 EXE, 192MB Important note for Symantec Endpoint Protection Users: In order to avoid problems with the download ...
HPE Synergy Planning Tool Remote Arbitrary Code Execution Vulnerability
HPE Synergy Planning Tool is prone to a remote arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
HPE Synergy Planning Tool Detection (Windows SMB Login)
Detects the installed version of HPE Synergy Planning Tool. The script logs in via SMB, searches for SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Remote Code Execution Vulnerability in Multiple HPE Products
HPE Synergy Planning Tool and others are products of Hewlett Packard Enterprise (HPE), U.S. HPE Synergy is a suite of platforms that leverage fluid resource pooling, software-defined intelligence, and unified APIs to provide organizations with a platform for continuous optimization of legacy and...
SO Planning 1.32 - Multiple Vulnerabilities
SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and prior Product description: SO Planning is an...