PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the “Facebook” module (pkfacebook) from Promokit.eu for PrestaShop. The vulnerability, CVE-2024-36680, allows a guest to perform SQL injection attacks on affected module versions. CVE-2024-36680 – Vulnerability Details The vulnerability stems from the Ajax…

Facebook PrestaShop module exploited to steal credit cards

bleepingcomputer.com - 23/Jun 14:08

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and...

Hackers attack HFS servers to drop malware and Monero miners

itsecuritynews.info - 04/Jul 13:32

Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software by exploiting a critical...

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

itsecuritynews.info - 28/Jun 11:32

Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts. The post Fortra...

New MOVEit Transfer critical bug is actively exploited

securityaffairs.co - 26/Jun 19:54

Experts warn of active exploitation of a critical authentication bypass vulnerability in MOVEit Transfer file transfer software. Progress Software...

Ollama Vulnerability detailed out -CVE-2024-37032

thecyberthrone.in - 25/Jun 02:24

Security researchers from Wiz. details about a vulnerability discovered in Ollama, the open-source infrastructure project

RegreSSHion Vulnerability -CVE-2024-6387

thecyberthrone.in - 01/Jul 15:53

Qualys has revealed details about a security vulnerability they have discovered within the OpenSSH server

Critical GitLab Bug Lets Attackers Run Pipelines as Any User

itsecuritynews.info - 29/Jun 06:06

A critical vulnerability has been discovered in certain versions of GitLab Community and Enterprise Edition products. This vulnerability allows an...

Qualys discovers critical vulnerability in OpenSSH server

biznesstransform.com - 02/Jul 10:54

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in...

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

itsecuritynews.info - 26/Jun 08:32

A critical security vulnerability, CVE-2024-5806, has been found in MOVEit Transfer, a popular file transfer software. The vulnerability allows...

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

securityaffairs.co - 23/Jun 08:23

Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly available proof-of-concept...

Rubriques :