Aggregator
Using JS to Find Vulnerabilities
8 months ago
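In vulnerability hunting, digging through JS can uncover many security issues. This article mainly records what was learned about testing with JS and about vulnerability hunting that involves reversing encrypted parameters. I. Sensitive information disclosure in JS 1. Default usernames and passwords 2. Hardcoded passwords and other leaked keys II. In JS, the …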
CVE-2024-13193 | SEMCMS up to 4.8 Image Library Management Page SEMCMS_Images.php sql injection
8 months ago
A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection.
This vulnerability is known as CVE-2024-13193. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
A Million for an Algorithm: The Greatest Challenge of the Computer Era
8 months ago
What do Sudoku and data encryption have in common?
CISA Releases Two New Industrial Control Systems Advisories for 2025
8 months ago
Overview The Cybersecurity and Infrastructure Security Agency (CISA) released two critica
Submit #469563: SEMCMS V4.8 SQL Injection [Accepted]
8 months ago
Submit #469563 / VDB-290785
komorebi
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
8 months ago
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulnerabilities exploited: Mitel MiCollab is a popular enterprise collaboration suite. CVE-2024-41713 and CVE-2024-55550 are both path traversal vulnerabilities. The former is exploitable without authentication, and may allow an attacker to gain access “to provisioning information including non-sensitive user and network information and perform unauthorized administrative actions on the MiCollab Server.” The latter …
The post Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers appeared first on Help Net Security.
Zeljka Zorz
CVE-2024-13192 | ZeroWdd myblog 1.0 BlogController.java update cross site scripting
8 months ago
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-13192. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-13191 | ZeroWdd myblog 1.0 uploadController.java upload file unrestricted upload
8 months ago
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload.
The identification of this vulnerability is CVE-2024-13191. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-13190 | ZeroWdd myblog 1.0 BlogMapper.xml findBlogList/getTotalBlogs xml injection
8 months ago
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection.
This vulnerability was named CVE-2024-13190. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-13189 | ZeroWdd myblog 1.0 MyBlogMvcConfig.java permission
8 months ago
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues.
This vulnerability is uniquely identified as CVE-2024-13189. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
58SRC 2024 Annual Year-End Rewards
8 months ago
Submit #469232: ZeroWdd myblog 1.0 Storage XSS [Accepted]
8 months ago
Submit #469232 / VDB-290784
LVZC1
Submit #469229: ZeroWdd myblog 1.0 arbitrary file uploads [Accepted]
8 months ago
Submit #469229 / VDB-290783
LVZC1