Aggregator

A vulnerability was found in FFmpeg 2.x. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP Live Stream Handler. The manipulation as part of M3U8 File leads to information disclosure. This vulnerability was named CVE-2016-1897. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in FFmpeg 2.x. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Live Stream Handler. The manipulation as part of M3U8 File leads to information disclosure. The identification of this vulnerability is CVE-2016-1898. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ntpd up to 4.2.8p7. Affected by this issue is some unknown functionality of the component Autokey Handler. The manipulation leads to race condition. This vulnerability is handled as CVE-2016-4955. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Henry Spencer Regex Library on 32-bit and classified as critical. Affected by this vulnerability is the function regcomp. The manipulation leads to numeric error. This vulnerability is known as CVE-2015-2305. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Endeca Server 7.4.0.0/7.5.0.0/7.5.1.0/7.6.0.0/7.6.1.0 and classified as problematic. This issue affects some unknown processing of the component OpenSSL. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-3566. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Product Update Linux Forensics Rootkits MalwareDateJanuary 26, 2025AuthorThe Sandfly Security TeamSa

NetSupport恶意软件实战分析

利用合法服务逃避检测的C2框架集合

前言 针对全球主流TOP榜恶意软件家族进行实战分析，包含勒索病毒、远控木马、窃密木马、银行木马、APT攻击木马等。所有分析样本均为

相关的程序C2服务，如下所示：TelegramC2 Projects:https://github.com/3ct0s/disctopia-c2https://github.com/timebotdo

文章中涉及的漏洞均已修复，敏感信息均已做打码处理，文章仅做经验分享用途，切勿当真，未授权的攻击属于非法行为！0x01 加解密的意义相信大部分测试过app的好兄弟都被这个问题困扰过，app数据包部分字段

Name: x3CTF 2025 (feat. mvm) (an x3ctf event.)
Date: Jan. 24, 2025, 6 p.m. — 26 Jan. 2025, 18:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://x3c.tf/
Rating weight: 23.61
Event organizers: x3CTF

Name: TUCTF 2024 (an TU CTF event.)
Date: Jan. 24, 2025, 7 p.m. — 26 Jan. 2025, 19:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctfd.tuctf.com/
Rating weight: 28.60
Event organizers: ascii overflow

Name: HackDay 2025 - Qualifications (an HackDayCTF event.)
Date: Jan. 24, 2025, 8 p.m. — 26 Jan. 2025, 20:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://hackday.fr/
Rating weight: 19.90
Event organizers: HackDayCTF

Name: Codefest CTF 2025 (an Codefest CTF event.)
Date: Jan. 25, 2025, 12:30 p.m. — 27 Jan. 2025, 00:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://codefest-ctf.iitbhu.tech/
Rating weight: 23.98
Event organizers: Codefest

A vulnerability classified as critical was found in Chatelao PHP Address Book 8.2.5. Affected by this vulnerability is an unknown functionality of the component Address Book. The manipulation of the argument var leads to sql injection. This vulnerability is known as CVE-2013-0135. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Fiyo CMS 2.0.1.8. It has been declared as critical. Affected by this vulnerability is the function administrator of the file fiyo/dapur of the component Access Restriction. The manipulation of the argument view as part of Parameter leads to improper access controls. This vulnerability is known as CVE-2014-9148. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Oracle Database Server 11.2.0.4/12.1.0.2. Affected is an unknown function of the component DBMS_LDAP. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-3566. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Sun Data Center InfiniBand Switch 36 up to 2.2.1. Affected by this issue is some unknown functionality. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-3566. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.