[Meachines] [Easy] Previse EAR+Php files analysis RCE+TRP00F权限提升+Gzip路径劫持权限提升
#EAR #Php files analysis RCE #TRP00F权限提升 #Gzip路径劫持权限提升
Aggregator
从 IAM 松散管理到零信任架构:Sendbird AWS 安全实战演进实录
2 months 2 weeks ago
本文总结了 Sendbird 从初创期到成熟阶段的 AWS 安全实践。
CVE-2024-54015 | Siemens SIPROTEC 5 up to 9.89 default credentials (ssa-767615)
2 months 2 weeks ago
A vulnerability was found in Siemens SIPROTEC 5 up to 9.89 and classified as problematic. This issue affects some unknown processing. The manipulation leads to use of default credentials.
The identification of this vulnerability is CVE-2024-54015. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-45386 | Siemens SIMATIC PCS neo Session Token session expiration (ssa-342348)
2 months 2 weeks ago
A vulnerability has been found in Siemens SIMATIC PCS neo, SIMOCODE ES, SIRIUS Safety ES, SIRIUS Soft Starter ES and TIA Administrator and classified as very critical. This vulnerability affects unknown code of the component Session Token Handler. The manipulation leads to session expiration.
This vulnerability was named CVE-2024-45386. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200)
2 months 2 weeks ago
Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack. The vulnerability (CVE-2025-24200) “A physical attack may disable USB Restricted Mode on a locked device,” Apple explained. USB Restricted Mode is a feature Apple introduced in 2018 to protect users against device unlocking (“cracking”) tools such as
The post Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) appeared first on Help Net Security.
Zeljka Zorz
Цифровое неравенство: как ИИ создаёт новые профессиональные элиты
2 months 2 weeks ago
Anthropic выяснила, каким специалистам не грозит замена ИИ.
2024年澳大利亚人每秒遭受一起网络攻击
2 months 2 weeks ago
安全客
邮件安全防护与溯源:从协议、防护到溯源
2 months 2 weeks ago
当今电子邮件已成为信息传递的重要渠道,但随之而来的邮件伪造问题不容忽视,文本介绍的是邮箱发送的基本协议以及防护策略,包括SPF、DKIM校验、DMARC策略等,以及邮件溯源的基本方法。
Apple Mitigates “Extremely Sophisticated” Zero-Day Exploit
2 months 2 weeks ago
Apple has patched a zero-day vulnerability being exploited in targeted attacks
Oracle, Microsoft, Amazon: кто станет новым владельцем TikTok в США
2 months 2 weeks ago
Пока пользователи ждут ответа, компании готовятся к крупнейшей сделке года.
黑客承认对美国SEC X账户进行SIM交换攻击
2 months 2 weeks ago
安全客
CVE-2025-0525 | Octopus Deploy Octopus Server information exposure
2 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Octopus Deploy Octopus Server. This affects an unknown part. The manipulation leads to information exposure through error message.
This vulnerability is uniquely identified as CVE-2025-0525. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-26408 | Wattsense Bridge JTAG Interface on-chip debug and test interface with improper access control
2 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Wattsense Bridge. Affected by this issue is some unknown functionality of the component JTAG Interface. The manipulation leads to on-chip debug and test interface with improper access control.
This vulnerability is handled as CVE-2025-26408. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com
《公共安全视频图像信息系统管理条例》发布
2 months 2 weeks ago
Hunters
2 months 2 weeks ago
cohenido
109 млрд евро на ИИ-превосходство: Франция готова к разгрому Кремниевой долины
2 months 2 weeks ago
Макрон достал козырь из рукава после анонса проекта Stargate.
一月漏洞信息简报
2 months 2 weeks ago
1月新收录漏洞481个,包含2025年首个满分漏洞。
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
2 months 2 weeks ago
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn’t buy a car without knowing its
The Hacker News
CVE-2025-1229 | olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6 ?page=1&logfile=eee&match= path os command injection (IBJT1K)
2 months 2 weeks ago
A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection.
This vulnerability is known as CVE-2025-1229. The attack can be launched remotely. Furthermore, there is an exploit available.
This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
vuldb.com
CVE-2025-1228 | olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6 Logfile Update ?page=1&logfile=LOG_Monitor path path traversal (IBJSXS)
2 months 2 weeks ago
A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal.
This vulnerability is traded as CVE-2025-1228. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
vuldb.com