Aggregator

Submit #434841 / VDB-282621

A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The identification of this vulnerability is CVE-2024-10608. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. This vulnerability was named CVE-2024-10607. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-10605. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #434785 / VDB-282617

Submit #434773 / VDB-282616

龙芯最近几年模仿英特尔的 tock-tick 策略加速其 CPU 的迭代。tock 代表架构创新，而 tick 代表用新工艺制造现有架构。龙芯过去三代产品都采用了 tick-tock 策略，但从第四代起它将采用新的 tock-tock2-tick 的策略，在采用新工艺节点前进行额外进行一次架构优化。tock-tock2-tick 策略的第一批 tock 产品是 3A6000,、3B6000M 和 3C6000，第二批 tock 产品是 3A6600、3B6600 和 3C6600，其中 3B6600 的性能据报道与英特尔 12 代和 13 代 CPU 相当，将于 2025 年发布，时钟频率为 3 GHz。它的下一代使用 7 纳米工艺的处理器有可能挑战 Zen 5 和 Arrow Lake。

Paged at 3 a.m. again … we had another breach to respond to in the security operations center (SOC). While the incident response team was busy delegating roles and responsibilities, I was just starting my investigation into root cause analysis. But something was bugging me: We couldn’t figure out how the intruder had gotten in, and we probably never will. I’m about to show you why. 

The post Application Detection and Response (ADR): A Game-changing SOC Analyst Tool | Contrast Security appeared first on Security Boulevard.

This article is based on the public release of Ghidra 11.2.Ghidra provides an ov

Submit #434756 / VDB-282615

The AI revolution in digital identity brings unprecedented security but at what cost? As AI systems become more sophisticated in protecting our digital lives, they require increasingly intimate access to our personal data, creating a critical trade-off between security and privacy.

The post The AI Paradox in Digital Identity: Why More Security Might Mean Less Privacy (And What to Do About It) appeared first on Security Boulevard.

Submit #434749 / VDB-282559

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. This vulnerability is handled as CVE-2024-10602. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. This vulnerability is known as CVE-2024-10601. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. This vulnerability is traded as CVE-2024-10600. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2024-10599. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. This vulnerability was named CVE-2024-10598. The attack can be initiated remotely. Furthermore, there is an exploit available.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

The prominent state-sponsored advanced persistent threat (APT), aka Jumpy Pisces, appears to be moving away from its primary cyber-espionage motives and toward wreaking widespread disruption and damage.

Submit #433499 / VDB-282614