Aggregator
.NET 安全攻防知识交流社区
4 months 1 week ago
.NET 内网实战:通过 TcpListener 实现任意端口转发
4 months 1 week ago
Welcoming The Gambia National CSIRT to Have I Been Pwned
4 months 1 week ago
Today, we're happy to welcome the Gambia National CSIRT to Have I Been Pwned as the 38th government to be onboarded with full and free access to their government domains. We've been offering this service for seven years now, and it enables national CSIRTs to gain
Troy Hunt
未履行网络安全与数据安全保护义务,上海多家互联网医疗企业被处罚通报
4 months 1 week ago
有企业服务器遭境外IP访问,数据被窃取
(图作者 | @Aoemax)
4 months 1 week ago
(图作者 | @Aoemax)
4 months 1 week ago
5·1劳动节 | 为劳动者喝彩!
4 months 1 week ago
5·1劳动节 | 为劳动者喝彩!
4 months 1 week ago
Digital Forensics Lab: Free hands-on digital forensics labs for students and faculty
4 months 1 week ago
Digital Forensics Lab & Shared Cyber Forensic Intelligence Repository Features of Repository Interactive Digital Forensics Labs: Tailored for students and faculty engagement Linux-Centric Lab Environment: Utilizes Kali Linux exclusively for all labs Visual Learning Support: Each lab...
The post Digital Forensics Lab: Free hands-on digital forensics labs for students and faculty appeared first on Penetration Testing Tools.
ddos
Weekly Report: JPCERT/CCが「Ivanti Connect Secureに設置されたマルウェアDslogdRAT」に関するブログを公開
4 months 1 week ago
本ブログでは、Ivanti Connect Secureの脆弱性を利用して設置されたマルウェアとして、2024年12月ごろに国内の組織に対する当時のゼロデイ脆弱性CVE-2025-0282を使った攻撃によって設置されたWebシェルとマルウェアDslogdRATについて解説します。
CVE-2002-0338 | Ritlabs The Bat 1.53d/1.54beta MS DOS Device Name denial of service (EDB-21307 / XFDB-8303)
4 months 1 week ago
A vulnerability was found in Ritlabs The Bat 1.53d/1.54beta. It has been rated as problematic. This issue affects some unknown processing of the component MS DOS Device Name. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2002-0338. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2022-43288 | Rukovoditel 3.2.1 view&type=php order_by sql injection
4 months 1 week ago
A vulnerability, which was classified as critical, has been found in Rukovoditel 3.2.1. Affected by this issue is some unknown functionality of the file /rukovoditel/index.php?module=logs/view&type=php. The manipulation of the argument order_by leads to sql injection.
This vulnerability is handled as CVE-2022-43288. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2022-3632 | DigitialPixies OAuth Client Plugin up to 1.1.0 on WordPress cross-site request forgery
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in DigitialPixies OAuth Client Plugin up to 1.1.0 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2022-3632. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2021-40272 | ITRS OP5 Monitor 8.3.1/8.3.2/8.3.3 cross site scripting
4 months 1 week ago
A vulnerability classified as problematic has been found in ITRS OP5 Monitor 8.3.1/8.3.2/8.3.3. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2021-40272. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2022-3903 | Linux Kernel Infrared Transceiver USB Driver type confusion
4 months 1 week ago
A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is some unknown functionality of the component Infrared Transceiver USB Driver. The manipulation leads to type confusion.
This vulnerability is handled as CVE-2022-3903. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com
CVE-2022-30773 | insyde Kernel prior 05.44.23/05.52.23 IhisiSmm Driver toctou
4 months 1 week ago
A vulnerability has been found in insyde Kernel and classified as problematic. This vulnerability affects unknown code of the component IhisiSmm Driver. The manipulation leads to time-of-check time-of-use.
This vulnerability was named CVE-2022-30773. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-32266 | insyde Kernel SMI out-of-bounds write
4 months 1 week ago
A vulnerability was found in insyde Kernel and classified as critical. This issue affects some unknown processing of the component SMI Handler. The manipulation leads to out-of-bounds write.
The identification of this vulnerability is CVE-2022-32266. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-33907 | insyde Kernel IdeBusDxe Driver buffer overflow
4 months 1 week ago
A vulnerability, which was classified as critical, was found in insyde Kernel. Affected is an unknown function of the component IdeBusDxe Driver. The manipulation leads to buffer overflow.
This vulnerability is traded as CVE-2022-33907. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-33982 | insyde Kernel Int15ServiceSmm toctou
4 months 1 week ago
A vulnerability was found in insyde Kernel. It has been classified as problematic. This affects an unknown part of the component Int15ServiceSmm. The manipulation leads to time-of-check time-of-use.
This vulnerability is uniquely identified as CVE-2022-33982. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com