#git

The severity of the Remote Code Execution – Microsoft SharePoint (CVE-2024-38094) vulnerability has increased. It was fixed as part of the July Microsoft Patch Tuesday (July 9). SharePoint is a popular platform for corporate portals. According to the Microsoft bulletin, аn authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code […]

Plus: Apple offers $1 million to hack its AI cloud infrastructure, Iranian hackers successfully peddle stolen Trump campaign docs, Russia hacks the nation of Georgia, and a “cyberattack” that wasn’t.

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said. "These emails contain attachments in the form of Remote Desktop Protocol ('.rdp'

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.