Aggregator

信息安全工作，总会被人分成甲方和乙方，甲乙方原本只是商务层面需方和供方的代称，在安全领域，成了做公司内部安全和为客户提供安全的区别。通常意义上，什么是甲方安全人员呢？就是在非安全业务的公司从事信息安全工作的人。什么是乙方安全人员呢？就是在主业是安全业务的公司从事信息安全工作的人。由于多年以来的刻板印象，似乎技术人员都不大倾向在乙方工作，对于乙方安全工作的印象是：工作贼多、收入贼少、福利稀少、管理混

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. This vulnerability is traded as CVE-2024-9906. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-9905. The attack may be initiated remotely. Furthermore, there is an exploit available.

在澳大利亚 ABC 披露科沃斯扫地机器人存在安全漏洞容易遭黑客入侵之后，过去几天美国各地都出现了科沃斯机器人被黑客入侵的报告。受影响的型号是 Deebot X2，黑客控制了机器人后使用其内置的扬声器发出种族歧视或仇恨言论。一名受害者是明尼苏达州的律师 Daniel Swenson，他看电视时听到机器人发出奇怪的声音，他修改了密码重启了设备，但没有效果。在洛杉矶，科沃斯机器人报告追着狗跑，同时还发出仇恨言论。

Submit #422612 / VDB-280182

Submit #422606 / VDB-280181

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. This vulnerability was named CVE-2024-9904. The attack can be initiated remotely. Furthermore, there is an exploit available. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-9903. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

20个AI翻译工具。

第四届全国开源情报技术大会（COSINT 2024）将于2024年10月26日至27日在湖北武汉召开。大会由中国中文信息学会开源情报技术专业委员会主办，湖北大学和北京中科闻歌科技股份有限公司联合承办。

Submit #421686 / VDB-280180

Submit #421685 / VDB-280179

A vulnerability, which was classified as critical, has been found in Myupb Flat PHP Board up to 1.2. This issue affects some unknown processing of the file index.php of the component User Account. The manipulation leads to code injection. The identification of this vulnerability is CVE-2007-6396. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Flat PHP Board 1.2. Affected is an unknown function of the file index.php of the component User Account. The manipulation of the argument username leads to path traversal. This vulnerability is traded as CVE-2007-6397. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Sergey Lyubka HTTPD up to 1.38. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2007-6404. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Sergey Lyubka HTTPD 1.34/1.35/1.38. Affected by this issue is some unknown functionality of the component CGI Program. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2007-6405. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Flat PHP Board 1.2. This vulnerability affects unknown code of the file username].php of the component User Account. The manipulation leads to improper access controls. This vulnerability was named CVE-2007-6395. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PolDoc Poldoc Document Management System 0.96. It has been classified as problematic. This affects an unknown part of the file download_file.php. The manipulation of the argument filename leads to path traversal. This vulnerability is uniquely identified as CVE-2007-6400. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in MWOpen E-Commerce 0/1.4. Affected by this issue is some unknown functionality of the file leggi_commenti.asp. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2007-6292. The attack may be launched remotely. Furthermore, there is an exploit available.

Online brand impersonation is an insidious threat compared to more straightforward attacks. Ransomw