Aggregator

A vulnerability was found in Opera Web Browser 6.05/6.06 and classified as critical. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation as part of Username leads to memory corruption. This vulnerability is handled as CVE-2003-1387. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in PHP up to 5.0.2. Affected is the function addslashes of the file /0 of the component magic_quotes_gpc. The manipulation leads to path traversal. This vulnerability is traded as CVE-2004-1020. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows XP and classified as critical. This vulnerability affects unknown code of the file helpctr.exe of the component Help Center. The manipulation leads to memory corruption. This vulnerability was named CVE-2001-0909. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 2.6.16.11. It has been classified as critical. This affects an unknown part of the component SMBFS/CIFS. The manipulation with the input ../ leads to path traversal. This vulnerability is uniquely identified as CVE-2006-1863. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iCloud up to 10.7 on Windows. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2019-8820. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The identification of this vulnerability is CVE-2025-0974. The attack may be initiated remotely. Furthermore, there is an exploit available.

新年快乐！

新年快乐！

新年快乐！

新年快乐！

新年快乐！

新年快乐！

Submit #489672 / VDB-294365

A vulnerability, which was classified as critical, was found in APNGDis up to 2.8. Affected is an unknown function of the component Filename Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-6191. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of … More →

The post Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers appeared first on Help Net Security.

A vulnerability classified as problematic was found in Accscripts Acc PHP eMail 1.1. This vulnerability affects unknown code of the file index.php of the component Change Password. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2009-4906. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Opera Web Browser up to 7.10 and classified as critical. This issue affects some unknown processing of the component File Extension Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2003-1396. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Ismail Fahmi Ganesha Digital Library 4.2. Affected by this vulnerability is an unknown functionality of the file download.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2014-100031. The attack can be launched remotely. Furthermore, there is an exploit available.