Aggregator

近日看到几张网络安全在线培训的截图，扯个闲淡。授课，不是单纯地说技术水平高就可以。技术水平在这件事里，可能是排到最后面的。

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. This vulnerability is uniquely identified as CVE-2025-4076. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input "><script>alert(1)</script> leads to cross site scripting. This vulnerability is handled as CVE-2025-4075. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #560232 / VDB-306513

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is known as CVE-2025-4074. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #560212 / VDB-306512

A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. This vulnerability is traded as CVE-2025-4073. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-4072. The attack may be initiated remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. This vulnerability was named CVE-2025-4071. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #559983 / VDB-306511

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4070. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #559976 / VDB-306507

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-4069. An attack has to be approached locally. Furthermore, there is an exploit available.

Submit #559947 / VDB-306510

Submit #559939 / VDB-306509

Submit #559904 / VDB-306508

Submit #559620 / VDB-306507