Aggregator

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063伴随数字化转型的深入发展，新质生产力正不断加速传统与现代动能的转换。在此其中，数字安全成为了保障数字经济健康发展的坚实基

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 北京航空航天大学教授、博士生导师 裴炜2024 年 8 月 8 日，联合国打击网络犯罪公约特设委员会通过了《联合

A vulnerability has been found in Apple macOS up to 10.12.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to improper access controls (Address). This vulnerability is known as CVE-2017-2486. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.9.9. Affected is the function cachefiles_req. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-42250. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Com Dtregister 2.2.3 on Joomla. Affected is an unknown function of the file index.php. The manipulation of the argument eventId leads to sql injection. This vulnerability is traded as CVE-2008-3265. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in AlstraSoft Affiliate Network Pro. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument pgm leads to sql injection. This vulnerability is traded as CVE-2008-3240. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical has been found in Blackice Black Ice Document Imaging SDK 10.95. This affects the function opengiffile in the library bigif.dll of the file biimgfrm.ocx of the component ActiveX Control. The manipulation of the argument string leads to memory corruption. This vulnerability is uniquely identified as CVE-2008-3209. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPizabi 0.848b and classified as very critical. This issue affects the function writelogentry of the component File Upload. The manipulation of the argument CONF[LOCALE_LONG_DATE_TIME] leads to improper input validation. The identification of this vulnerability is CVE-2008-3239. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TheHockeyStop HockeySTATS Online 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument divid leads to sql injection. This vulnerability is traded as CVE-2008-7085. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PhotoPost PhotoPost vBGallery 2.4.2. This affects an unknown part of the file upload.php of the component File Upload. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2008-7088. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Linuxwebshop php Help Agent 1.0. This affects an unknown part. The manipulation of the argument content leads to path traversal. This vulnerability is uniquely identified as CVE-2008-3385. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

朋友，你还在苦苦寻觅代码审计更便捷的方式么？本周不仅有Yakit SyntaxFlow界面上新更有全新网页端代码扫描小工具一键启动代码审计！谁说这代码审计老啊？这代码审计可太棒了！代码审计功能：项目管

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 10.12.3. This issue affects some unknown processing of the component tiffutil. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2016-9539. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士qBittorrent 修复了该应用中负责管理下载的组件 DownloadManager 中因 SSL/TLS 验证失败引发的远程代码执行漏洞。该漏

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士LottieFiles 的一个开发者账户遭攻陷，被用于洗劫用户的密币钱包。LottieFiles 的热门网站动画插件 LittiePlayer 最为

A vulnerability was found in LibTIFF 4.0.6. It has been rated as critical. Affected by this issue is the function readContigTilesIntoBuffer of the file tools/tiffcrop.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2016-9539. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Grassroots DICOM up to 2.6.1 and classified as very critical. This vulnerability affects the function ImageRegionReader::ReadIntoBuffer of the file MediaStorageAndFileFormat/gdcmImageRegionReader.cxx. The manipulation leads to numeric error. This vulnerability was named CVE-2015-8396. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

FaceDancer FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs. FaceDancer performs two main functions: Recon: Scans a given DLL to create the export definition file for proxying. Attack: Creates a malicious...

The post FaceDancer: An exploitation tool aimed at creating hijackable, proxy-based DLLs appeared first on Penetration Testing Tools.

CloudShovel CloudShovel is a tool designed to search for sensitive information within public or private Amazon Machine Images (AMIs). It automates the process of launching instances from target AMIs, mounting their volumes, and scanning...

The post CloudShovel: scanning public or private AMIs for sensitive files and secrets appeared first on Penetration Testing Tools.

Network Flight Recorder NFR is a lightweight application which processes network traffic using the AlphaSOC Analytics Engine. NFR can monitor log files on disk (e.g. Microsoft DNS debug logs, Bro IDS logs) or run as a network...

The post Network Flight Recorder: score network traffic and flag anomalies appeared first on Penetration Testing Tools.