Aggregator

A vulnerability classified as critical has been found in eFiction 1.1. This affects an unknown part of the file viewuser.php. The manipulation of the argument uid leads to sql injection. This vulnerability is uniquely identified as CVE-2005-4170. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Hangzhou Bobo Technology UU Game Booster 10.6.13 on iOS. This issue affects some unknown processing of the component Link Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-56951. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in KuGou Music 20.0.0 on iOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-56948. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Guangzhou Polar Future Culture Technology University Search 2.27.0 on iOS. This affects an unknown part of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-56949. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in KuGou Concept 4.0.61 on iOS. This vulnerability affects unknown code of the component Link Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-56950. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in LearnDash 6.7.1 and classified as problematic. This issue affects some unknown processing of the component Profile Image Upload Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-56940. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in LearnDash 6.7.1. This vulnerability affects unknown code of the component ld-comment-body Class. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-56939. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Xiamen Meitu Technology BeautyCam 12.3.60 on iOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-56947. The attack can be launched remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 牛津市议会披露一起网络安全事件，导致现任及前任议会工作人员21年间的个人信息遭泄露。该英国地方政府证实，攻击者于2025年6月7日至8日周末期间侵入其网络，议会自动安全系统虽清除了攻击者并限制其系统访问权限，但攻击者仍获取了部分遗留系统的历史数据。 议会声明称：“现已确认，2001至2022年间参与议会选举事务的工作人员（含投票站工作人员和计票员）的个人信息可能遭窃，其中多数为现任或前任议会职员。”目前尚无证据表明泄露信息被第三方获取，也未发现数据被大规模下载或提取的痕迹。 议会已向可能受影响人群发送单独通知，说明事件详情、可获支持及防范措施。虽未公布具体泄露数据类型，但议会强调已向政府主管部门及执法机构报告，正开展全面调查以确认数据泄露范围。 事件处理期间，议会聘请外部网络安全专家对所有主系统进行停机检查，导致地方政府服务中断逾一周。议会就服务不便公开致歉，并确认当前邮件系统及数字服务平台已恢复安全运行。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 伊朗国家电视台18日晚遭黑客攻击，常规节目被中断播放，转而出现号召民众街头抗议政府的视频。多个消息源证实该事件。 伊朗国际电视台称伊朗政府指责以色列策划了本次攻击。伊朗国家电视台随后发表声明称：“如果您在收看电视节目时出现信号中断或无关画面，系敌方干扰卫星信号所致。” 本次攻击是近期伊朗境内一系列网络攻击的最新案例，此前多起攻击已被证实与以色列有关联组织相关。就在同一天，伊朗赛帕银行和最大加密货币交易所Nobitex亦遭黑客入侵。 其中Nobitex被窃取逾9000万美元资产，这一嚣张行径使得已持续十余年的以伊网络战争骤然升级。 区块链分析机构TRM实验室指出：“伊朗机构将虚拟资产同时作为金融变通手段和战略资产，用以支持包括扩散先进武器技术在内的地缘政治野心。最新事件说明加密货币交易所正从冲突边缘地带，成为各方势力的战略目标。” 此次事态发展的背景在于，以色列官员披露伊朗正劫持以色列境内的私人安防摄像头以获取实时情报，该手法与2022年俄罗斯入侵乌克兰后所用战术如出一辙。 以色列国家网络理事会前副总干事拉斐尔·弗朗哥证实：“过去两三天内，伊朗持续试图接入摄像系统，通过分析导弹落点信息提升打击精度。” 网络安全公司Radware数据显示，本轮冲突爆发后针对以色列的分布式拒绝服务攻击占黑客活动总量的近40%。6月17日，黑客组织DieNet警告称若美国加入对伊作战将发动网络攻击。 随后阿拉伯幽灵、锡尔赫特帮派等组织相继声援该声明，暗示地面战事胶着之际，网络空间正形成潜在联合阵线。Radware威胁情报总监帕斯卡尔·吉恩斯警示：“企业需保持最高警戒。网络战若持续升级，关键基础设施、供应链乃至跨国企业都将成为附带打击目标。” “2025年以伊冲突堪称现代混合战争的范本——比特流与信息战的战略地位已堪比导弹和炸弹。” CloudSEK在双份研究报告中披露，35余个亲伊朗组织已对以色列基础设施发动协同攻击，而亲以色列的黑客团体数量不足其半数。安全研究员帕吉拉·马诺哈尔·雷迪分析称：“攻击集中于对政府网站、军事系统和关键基础设施的DDoS攻击、网页篡改及数据窃取。” “最具特征的是，这些攻击延续了黑客团体夸大事实与散布虚假消息的一贯模式——将无关系统故障归功于己、重复利用旧数据泄露事件、虚报损失规模以博取关注，其实际作战效能极为有限。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic was found in Sun Solaris 10.0. This vulnerability affects unknown code of the file /proc of the component File System Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2006-0191. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Sun Solaris 8.1/8.2/9.0/9.1/10.0. Affected is an unknown function of the file lpsched of the component LP Print Service. The manipulation leads to denial of service. This vulnerability is traded as CVE-2006-0227. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Mozilla Thunderbird up to 1.5. It has been classified as critical. Affected is an unknown function of the component Attachment Handler. The manipulation as part of Filename leads to code injection. This vulnerability is traded as CVE-2006-0236. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Geronimo 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file cal2.jsp of the component Log Viewer. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2006-0254. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Foo Labs Xpdf. It has been classified as critical. This affects an unknown part of the file splash.cc. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-0301. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-6496. Local access is required to approach this attack. Furthermore, there is an exploit available.

Анатомия давления, которое не осознаётся.

A vulnerability, which was classified as problematic, has been found in cPanel. This issue affects some unknown processing of the file index.php. The manipulation of the argument sup3r leads to path traversal. The identification of this vulnerability is CVE-2008-6843. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack 8.0.4/8.0.5/8.0.6/8.0.7. Affected by this issue is some unknown functionality of the component jQuery. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2019-11358. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

· Sam Altman：GPT-5 之后，界面将近乎「消失」； · 马斯克：Grok 4 将重写人类所有知识库