CyberSecurityBoard
Sponsor Register Login

CVE-2024-1113

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471.

Publication date: Thu, 01 Feb 2024 02:15:00 +0000


Cyber News related to CVE-2024-1113

Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
1 year ago Microsoft.com
Microsoft Disabled App Installer Abused by Hackers - Threat actors, particularly those with financial motivations, have been observed spreading malware via the ms-appinstaller URI scheme. As a result of this activity, Microsoft has disabled the ms-appinstaller protocol handler by default. The ...
1 year ago Cybersecuritynews.com
Microsoft Implements Disablement of Widely Exploited MSIX App Installer Protocol Due to Malware Attacks - On Thursday, Microsoft announced the reactivation of the ms-appinstaller protocol handler, reverting it to its default state due to widespread exploitation by various threat actors for malware dissemination. The Microsoft Threat Intelligence team ...
1 year ago Cysecurity.news
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
4 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com
CVE-2024-10013 - In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. ...
3 months ago Tenable.com
CVE-2024-50035 - In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is ...
4 months ago Tenable.com
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
4 months ago Tenable.com
CVE-2024-50083 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending ...
3 months ago Tenable.com
CVE-2024-57896 - In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() ...
1 month ago Tenable.com
CVE-2024-1113 - A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is ...
1 year ago
CVE-2012-2405 - Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. ...
7 years ago
CVE-2021-1113 - NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all ...
2 years ago
CVE-2008-1113 - Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) ...
16 years ago
CVE-1999-1113 - Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier on MacOS systems allows remote attackers to cause a denial of service via a long USER command to port 106. ...
8 years ago
CVE-2015-1113 - The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. ...
8 years ago
CVE-2003-1113 - The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG ...
7 years ago
CVE-2004-1113 - SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. ...
7 years ago
CVE-2005-1113 - Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) ...
7 years ago
CVE-2017-1113 - IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...
7 years ago
CVE-2010-1113 - Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php. ...
7 years ago
CVE-2013-1113 - Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042. ...
1 year ago
CVE-2001-1113 - Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command. ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)