5335 matches found
CVE-2024-4577
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
CVE-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
CVE-2024-4577
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
CVE-2024-4577
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight aka Cyclops 2.0 ransomware first arrived in May 2023, employing double extortion tactics to...
CVE-2024-1272
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...
CVE-2024-1272
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1...
CVE-2024-1272
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...
Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Employee and Visitor Gate Pass Logging System - SQLi Authentication Bypass Exploit Author: Furkan Eren Tetik Vendor Homepage:...
Employee And Visitor Gate Pass Logging System 1.0 SQL Injection
Exploit Title: Employee and Visitor Gate Pass Logging System - SQLi Authentication Bypass Date: 29.05.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...
Reaper - Proof Of Concept On BYOVD Attack
Reaper is a proof-of-concept designed to exploit BYOVD Bring Your Own Vulnerable Driver driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit the driver to perform malicious actions. Reaper was...
CVE-2021-47546
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppressprefix rule is present in the IPv6 routing rules used by certain tools such as wg-quick. I...
House Rental Management System SQL注入漏洞
House Rental Management System is a house rental management system by Carlo Montero Personal Developer. SourceCodester Best House Rental Management System 1.0 and prior versions have a SQL injection vulnerability that originates in the parameter id of the file manage payment.php that can lead to...
CVE-2021-47546 ipv6: fix memory leak in fib6_rule_suppress
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppressprefix rule is present in the IPv6 routing rules used by certain tools such as wg-quick. I...
Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024
In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...
Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web
By Waqas Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web...
CVE-2024-31844
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside a...