Skip to main content
Abstract art
Abstract art
Abstract art
Abstract art

For individuals

2 Jan 2025
Biztonsági szemle

Clickjacking protections evaded by novel exploit

Attacks using DoubleClickJacking commence with visits to a malicious site redirecting to a new tab or window without any user interaction, which will be followed by a CAPTCHA verification triggering a double-click that prompts the exploitation of the JavaScript Window Location object.
scmagazine.com
Read more
2 Jan 2025
Biztonsági szemle

'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.
darkreading.com
Read more
2 Jan 2025
Biztonsági szemle

AWS leveraged in EC2 Grouper attacks

After obtaining credentials from code repositories, EC2 Grouper utilizes PowerShell and other AWS tools to initiate compromise before exploiting APIs to enable reconnaissance and resource provisioning, as well as establish unique security groups while averting inbound access configuration.
scmagazine.com
Read more
2 Jan 2025
Biztonsági szemle

More details on widespread Chrome extension compromise emerge

While Google Groups and LinkedIn reports noted the campaign to have commenced in early December, such an attack may have been tested since March as evidenced by command-and-control subdomains discovered by BleepingComputer.
scmagazine.com
Read more
2 Jan 2025
Riasztás

NA - CVE-2024-56829 - Huang Yaoshi Pharmaceutical Management Software...

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.
security-database.com
Read more
2 Jan 2025
Riasztás

NA - CVE-2025-22214 - Landray EIS 2001 through 2006 allows...

Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.
security-database.com
Read more
2 Jan 2025
Riasztás

NA - CVE-2002-20002 - The Net::EasyTCP package before 0.15 for Perl...

The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
security-database.com
Read more
2 Jan 2025
Riasztás

NA - CVE-2024-56830 - The Net::EasyTCP package 0.15 through 0.26 for...

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.
security-database.com
Read more
2 Jan 2025
Riasztás

NA - CVE-2024-11184 - The wp-enable-svg WordPress plugin through 0.7...

The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts
security-database.com
Read more
2 Jan 2025
Riasztás

NA - CVE-2024-11357 - The goodlayers-core WordPress plugin before...

The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site...
security-database.com
Read more
Language
Type