【安全圈】你的Linux服务器被攻击进行加密货币挖矿了吗?
关键词服务器攻击网络安全研究人员发现,针对Linux服务器进行加密货币挖矿和凭证窃取的复杂恶意软件Promet
Aggregator
CVE-2017-5899 | S-nail up to 14.8.15 root Helper randstr path traversal (EDB-47172 / BID-96138)
5 months 3 weeks ago
A vulnerability was found in S-nail up to 14.8.15. It has been rated as critical. This issue affects some unknown processing of the component root Helper. The manipulation of the argument randstr leads to path traversal.
The identification of this vulnerability is CVE-2017-5899. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat
5 months 3 weeks ago
Cybernews researchers reported that since the beginning of the year, they've detected 30 datasets containing 16 billion stolen credentials exposed on the internet, most of which had not been previously recorded and represent a massive trove of records that can be used in ransomware, phishing, BEC, and other attacks.
The post 16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat appeared first on Security Boulevard.
Jeffrey Burt
Stellar Repair For Outlook: A Comprehensive Review Of The Ultimate PST Repair Tool
5 months 3 weeks ago
Microsoft Outlook is a cornerstone of professional and personal communication, relied upon by millions for email management, calendaring, and task organization. However, Outlook’s Personal Storage Table (PST) files, which store emails, contacts, calendars, and other data, are prone to corruption due to various factors. When PST files become corrupted, users face disruptions, ranging from missing […]
The post Stellar Repair For Outlook: A Comprehensive Review Of The Ultimate PST Repair Tool appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Varshini
CVE-2010-4983 | iScripts CyberMatch 1.0 profile.php ID sql injection (EDB-14164 / BID-41300)
5 months 3 weeks ago
A vulnerability has been found in iScripts CyberMatch 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file profile.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is known as CVE-2010-4983. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2019-11358 | Oracle Banking Platform up to 2.7.1 jQuery cross site scripting (EDB-52141 / Nessus ID 208606)
5 months 3 weeks ago
A vulnerability classified as critical has been found in Oracle Banking Platform up to 2.7.1. Affected is an unknown function of the component jQuery. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2019-11358. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Chrome扩展攻击指南(二):漏洞分析
5 months 3 weeks ago
结合漏洞案例,分析各组件的攻击面,最终绘制完整的攻击链路图
透明人
CVE-2005-3870 | edmobbs 0.9 edmobbs9r.php sql injection (EDB-26625 / BID-15589)
5 months 3 weeks ago
A vulnerability was found in edmobbs 0.9. It has been rated as critical. This issue affects some unknown processing of the file edmobbs9r.php. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2005-3870. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
【资料】伊朗最新消息特别报道-2025年6月21日(阅读时请注意分辨内容里的双标)
5 months 3 weeks ago
伊朗最新消息特别报道-2025年6月21日(阅读时请注意分辨内容里的双标)
【资料】全球特定国家每日动态2025.6.22(新增马来西亚等东南亚国家)
5 months 3 weeks ago
目前每日动态包含:马来西亚、越南、印度尼西亚、泰国、缅甸、菲律宾、日本、印度、巴基斯坦、阿富汗、土耳其、阿塞拜疆、叙利亚、沙特阿拉伯、伊朗、乌兹别克斯坦、土库曼斯坦、塔吉克斯坦、吉尔吉斯斯坦、哈萨克斯坦、尼日利亚等21国。
CVE-2009-4784 | Joaktree Com Joaktree 1.0 index.php treeId sql injection (EDB-10272 / BID-37178)
5 months 3 weeks ago
A vulnerability classified as critical was found in Joaktree Com Joaktree 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument treeId leads to sql injection.
This vulnerability was named CVE-2009-4784. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
安全分析与研究公众号文章精选
5 months 3 weeks ago
安全分析与研究文章精选
CVE-2017-18016 | Parity Browser up to 1.6.10 Web Proxy Engine Request 7pk security (EDB-43499)
5 months 3 weeks ago
A vulnerability classified as problematic was found in Parity Browser up to 1.6.10. This vulnerability affects unknown code of the component Web Proxy Engine. The manipulation as part of Request leads to 7pk security features.
This vulnerability was named CVE-2017-18016. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-4322: одна строка кода заставила тысячи сайтов сдаться хакерам без сопротивления
5 months 3 weeks ago
Сначала сброс пароля. Потом новый админ. Потом — ты полностью теряешь контроль.
CVE-2017-3558 | Oracle VM VirtualBox up to 5.0.37/5.1.19 access control (EDB-41904 / Nessus ID 99509)
5 months 3 weeks ago
A vulnerability has been found in Oracle VM VirtualBox up to 5.0.37/5.1.19 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2017-3558. Attacking locally is a requirement. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2012-5229 | WordPress Slideshow Gallery2 border cross site scripting (EDB-36631 / XFDB-72748)
5 months 3 weeks ago
A vulnerability was found in WordPress Slideshow Gallery2. It has been classified as problematic. This affects an unknown part. The manipulation of the argument border leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2012-5229. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2005-3980 | Edgewall Software Trac up to 0.50.9 group sql injection (EDB-26693 / Nessus ID 20252)
5 months 3 weeks ago
A vulnerability was found in Edgewall Software Trac up to 0.50.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument group leads to sql injection.
This vulnerability is known as CVE-2005-3980. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-6468 | code-projects Online Bidding System 1.0 /bidnow.php ID sql injection (EUVD-2025-18838)
5 months 3 weeks ago
A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bidnow.php. The manipulation of the argument ID leads to sql injection.
This vulnerability was named CVE-2025-6468. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
AWS Raises Expertise Bar for MSSP Partners
5 months 3 weeks ago
Amazon Web Services (AWS) this week revealed it has added new categories for describing offerings provided by partners offering managed services security providers (MSSP) as part of an effort to ensure a more consistent customer experience.
The post AWS Raises Expertise Bar for MSSP Partners appeared first on Security Boulevard.
Michael Vizard
Will AI Replace You — or Promote You? How to Stay Ahead
5 months 3 weeks ago
What can public- and private-sector staff do to stay relevant and grow their career in the midst of AI-driven tech layoffs? Here’s a roundup of recent stories and solutions to help.
The post Will AI Replace You — or Promote You? How to Stay Ahead appeared first on Security Boulevard.
Lohrmann on Cybersecurity