新潮信息-Tide安全团队2024年度总结
我们的2024,每一个人都是主角,每一份付出都弥足珍贵,每一束光芒都熠熠生辉。
Aggregator
新潮信息-Tide安全团队2024年度总结
8 months 1 week ago
我们的2024,每一个人都是主角,每一份付出都弥足珍贵,每一束光芒都熠熠生辉。
新潮信息-Tide安全团队2024年度总结
8 months 1 week ago
序言几乎每个岁末年初,我们都会回望旧年,同时期待新年。2024年,未知与确定共存,希望与失落夹杂,新与旧反复交替。站在2024年尾声,我们又一次回首这一年,既有突破与成长,也有不舍与遗憾。无论是技术深
CVE-2017-9798 | Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request use after free (RHSA-2017:2882 / EDB-42745)
8 months 1 week ago
A vulnerability classified as problematic was found in Apache HTTP Server up to 2.2.34/2.4.27. Affected by this vulnerability is the function ap_limit_section of the component Limit Directive. The manipulation as part of HTTP Request leads to use after free.
This vulnerability is known as CVE-2017-9798. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
2024风险画像数据产品总结|首发多个风险标签,全球黑卡黑IP捕获量翻倍
8 months 1 week ago
行业首发劫持共用代理、云手机、云服务等风险标签,全球黑卡黑IP捕获量翻倍……
2024风险画像数据产品总结|首发多个风险标签,全球黑卡黑IP捕获量翻倍
8 months 1 week ago
回顾2024年互联网黑灰产攻防依然激烈2024年互联网黑产从业人员900多万全球作恶手机号1600多万日活跃风险IP数量670万新的欺诈模式、作恶手段层出不穷在风险管理与防御上不少企业都面临攻防不对等
2024风险画像数据产品总结|首发多个风险标签,全球黑卡黑IP捕获量翻倍
8 months 1 week ago
行业首发劫持共用代理、云手机、云服务等风险标签,全球黑卡黑IP捕获量翻倍……
新的“DoubleClickjacking”漏洞可绕过网站的劫持保护
8 months 1 week ago
主站 分类 漏洞 工具 极客
新的“DoubleClickjacking”漏洞可绕过网站的劫持保护
8 months 1 week ago
该漏洞通过利用双击操作来推动点击劫持攻击及账户接管,几乎波及所有大型网站。
CVE-2017-15359 | 3CX Phone System 15.5.3554.1 Management Console DownloadRecord?file= path traversal (EDB-42991 / ID 800682)
8 months 1 week ago
A vulnerability classified as problematic has been found in 3CX Phone System 15.5.3554.1. Affected is an unknown function of the file /api/RecordingList/DownloadRecord?file= of the component Management Console. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2017-15359. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
vuldb.com
至少35个Chrome扩展被劫持,新细节揭示了黑客的攻击手法
8 months 1 week ago
主站 分类 漏洞 工具 极客
至少35个Chrome扩展被劫持,新细节揭示了黑客的攻击手法
8 months 1 week ago
近期,黑客针对多个Chrome扩展程序进行了攻击,数十万用户受到影响。随着调查的深入,一些攻击活动细节也得到了披露。
CVE-2018-4312 | Apple iTunes up to 12.8 on Windows use after free (EDB-45481 / Nessus ID 119323)
8 months 1 week ago
A vulnerability was found in Apple iTunes up to 12.8 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free.
This vulnerability is known as CVE-2018-4312. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2004-1951 | Xine up to 1 Rc3c (EDB-24038 / Nessus ID 37040)
8 months 1 week ago
A vulnerability was found in Xine and classified as problematic. This issue affects some unknown processing. The manipulation leads to an unknown weakness.
The identification of this vulnerability is CVE-2004-1951. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Initial Release of heretek: Yet Another GDB TUI Frontend
8 months 1 week ago
Windows 曝9.8分漏洞,已有PoC及利用情况
8 months 1 week ago
主站 分类 漏洞 工具 极客
Windows 曝9.8分漏洞,已有PoC及利用情况
8 months 1 week ago
CVE - 2024 - 49112属于远程代码执行(RCE)漏洞,会对包括域控制器(DC)在内的Windows服务器产生影响。
坦桑尼亚游记(上):在国家公园见证《动物世界》
8 months 1 week ago
坦桑尼亚,这片神秘而美丽的土地,拥有丰富的自然景观和独特的文化风情。无论是壮观的动物大迁徙,还是宁静的海滩和古老的城镇,都吸引着无数游客前来探索。在国庆假期的 11 天旅程中,我们重点游历了北部的
CVE-2012-1225 | Dolibarr up to 3.2.0 list.php rowid sql injection (EDB-36683 / BID-51956)
8 months 1 week ago
A vulnerability has been found in Dolibarr up to 3.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file list.php. The manipulation of the argument rowid leads to sql injection.
This vulnerability is known as CVE-2012-1225. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
新细节揭示黑客如何劫持 35 个 Google Chrome 扩展程序
8 months 1 week ago
error code: 521