Aggregator

A vulnerability, which was classified as critical, was found in TOTOLINK CP900 6.3c.1144_B20190715. This affects the function setUpgradeUboot. The manipulation of the argument FileName leads to command injection. This vulnerability is uniquely identified as CVE-2025-44854. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in TOTOLINK CA600-PoE 5.3c.6665_B20180820. It has been classified as critical. Affected is the function CloudSrvUserdataVersionCheck. The manipulation of the argument Version leads to command injection. This vulnerability is traded as CVE-2025-44841. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in TOTOLINK CA600-PoE 5.3c.6665_B20180820. It has been declared as critical. Affected by this vulnerability is the function CloudSrvUserdataVersionCheck. The manipulation of the argument svn leads to command injection. This vulnerability is known as CVE-2025-44840. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in IBM WebSphere Application Server up to 6.1.0.10. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2008-4111. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple QuickTime 7.5.5 and classified as very critical. Affected by this issue is the function Check_stack_cookie. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2008-4116. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Microsoft Internet Explorer 7/8 Beta. This vulnerability affects the function CDwnTaskExec::ThreadExec in the library Mshtml.dll of the component PNG Image Handler. The manipulation leads to improper resource management. This vulnerability was named CVE-2008-4127. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sun Solaris 8/9/10. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2008-4131. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Sun Solaris. Affected is an unknown function of the component Access Control List. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2008-4160. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

鉴于人工智能证据的底层逻辑来源于机器学习的科学性，可通过公布算法的历史准确率进行实证检验，以增强裁判结果的公信力。

Lovable, which is a Vibe coding company, announced that Claude 4 has reduced its errors by 25% and made it faster by 40%. [...]

A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. This vulnerability is handled as CVE-2025-5156. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Clever Copy 2.0. It has been classified as problematic. This affects an unknown part of the file results.php. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2005-2324. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in AOL Instant Messenger 4.5/4.7. This issue affects some unknown processing of the component aim URL Handler. The manipulation of the argument META HTTP-EQUIV with the input refresh leads to basic cross site scripting. The identification of this vulnerability is CVE-2002-2169. The attack may be initiated remotely. Furthermore, there is an exploit available.

针对移动客户端的安全测试，由于端的差异（Android/IOS/鸿蒙），使用到的工具也会不太一样。不过需要关注以下两方面： 1、安全漏洞：纯客户端的漏洞，比如权限相关不安全的设置、本地明文存储敏感信息；客户端到业务端的漏洞，比如协议存在缺陷、服务端对应端口服务的业务漏洞等； 2、隐私合规：国内监管检查的比较多，检测方法与工具比较成熟，是一个必须关注的问题面。 漏洞方面的检测工具，可以分为代码层面的静态检测、apk静态检测、手工做安全测试，模拟器、抓包工具等都比较常见；隐私合规方面，主要推荐商业的工具吧，开源的好像也有但没用过。 PS：鸿蒙应用的安全测试技术与需求正在增长，目前还没见到比较全的方法，对于移动客户端安全的同学来说，是一次超车的机会。 更多内容，可以访问： 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ 如何在隔离环境中修复大量的Java漏洞？ SDL如何做成平台化以及价值？ SDL 64/100问：安全SDK提供安全API是怎么做的？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 从安全视角，看研发安全 数字化转型下的研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 浅谈企业级供应链投毒应急安全能力建设 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟 应急能力提升：内网横向移动攻击模拟 应急能力提升：实战应急响应经验

A vulnerability was found in Opera Web Browser up to 7.19. It has been classified as critical. This affects an unknown part. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2008-4200. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gentoo cman 2.02.00. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to link following. This vulnerability was named CVE-2008-4580. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Red Hat CMAN 2.03.03-1/2.03.04-1/2.03.05-1/2.03.07-1/2.03.08-1. Affected by this issue is some unknown functionality of the file cluster.conf. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2008-6560. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.