Aggregator

主站 分类 漏洞 工具 极客

苹果iOS和macOS系统中被曝光一个关键的安全漏洞，若被成功利用可能会绕过TCC框架，导致用户敏感信息被未经授权访问。

A vulnerability classified as problematic was found in Duplicator Plugin 0.5.10/1.1.3/1.2.32/1.3.0/1.4.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-2552. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

原创漏洞 1. 摘要 这篇文章旨在介绍西门子博途19可以导致任意代码执行的反序列化漏洞，该漏洞会在任 […]

原创漏洞-西门子博途19全局配置文件反序列化漏洞分析 日期：2024年12月16日 阅：66

A vulnerability was found in Oracle Banking Virtual Account Management 14.1.0/14.3.0/14.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Common Core. The manipulation leads to open redirect. This vulnerability is known as CVE-2019-11269. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel 2.4. It has been declared as problematic. Affected by this vulnerability is the function copy_to_user of the component USB Driver. The manipulation leads to information disclosure. This vulnerability is known as CVE-2004-0685. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

OverviewRecently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the A

Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS […]

The post Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677) appeared first on Security Boulevard.

Cable Cable is a simple post-exploitation tool used for enumeration and further exploitation of Active Directory environments. This tool was primarily created to learn more about .NET offensive development in an Active Directory context,...

The post Cable: .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation appeared first on Penetration Testing Tools.

BOAST The BOAST Outpost for AppSec Testing BOAST is a server built to receive and report Out-of-Band Application Security Testing reactions.   Some application security tests will only cause out-of-band reactions from the tested...

The post BOAST: The BOAST Outpost for AppSec Testing appeared first on Penetration Testing Tools.

Zeek Network Security Monitor Zeek is a powerful framework for network analysis and security monitoring. It is a powerful system that on top of the functionality it provides out of the box, also offers...

The post Zeek Network Security Monitor: powerful network analysis framework appeared first on Penetration Testing Tools.

Mark Gurman：苹果 AR 智能眼镜短期内不会发布 ​卢伟冰称小米汽车正在扩大产能 小鹏汇天飞行汽车「陆地航母」上海首飞成功