Aggregator

文章讲述了一位新人通过时间戳载荷、sqlmap和侦察技术成功发现SQL注入漏洞的经历，展示了SQL注入在网络安全中的重要性，并强调了侦察在漏洞挖掘中的关键作用。

这篇文章介绍了rsync协议及其在文件同步中的应用。rsync通过增量传输算法提高效率，默认使用873端口。用户可通过匿名认证连接rsync服务，并使用命令行工具列出共享目录和下载文件。文章还展示了如何通过rsync获取flag.txt文件以完成任务。

关键词网络攻击俄罗斯背景黑客组织“噪音熊”（Noisy Bear）近期针对哈萨克斯坦能源行业发起了一场精心策划

关键词数据泄露近日，围绕 Salesloft 旗下 Drift 应用的安全事件有了最新进展。

关键词安全漏洞Django开发团队近日发布关键安全更新，修复该流行Python Web框架中存在的一个高危漏洞

关键词Claude9月5日，美国人工智能公司 Anthropic 在其官网发布公告，宣布即日起禁止多数股权由中

API已成为数字基础设施的核心，但随着使用量激增和复杂性增加，传统安全措施难以应对。AI和自动化进一步加剧了风险。现代API生态系统涉及多种协议和云环境，传统工具无法有效保护。Security Edge通过边缘安全、低延迟和实时监控提供解决方案。

A newly disclosed security flaw in pgAdmin4, the widely used open-source tool for managing PostgreSQL databases, has raised serious concerns among developers and database administrators across the world. The vulnerability, tracked as CVE-2025-9636, was recently highlighted in the GitHub Advisory Database and classified as High severity. The issue lies in a Cross-Origin Opener Policy (COOP) vulnerability that affects versions of […]

The post PgAdmin Vulnerability Allows Attackers to Gain Unauthorized Account Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Технические стандарты оказались мощнее армий — и лишь один игрок понял это вовремя.

作者在对目标网站进行子域名侦察时，使用subfinder发现两个dashboard子域名，并通过ffuf工具进一步fuzzing发现了更多潜在子域名。

360发布大模型安全卫士，以“四大智能体”破解AI安全难题

A vulnerability has been found in elunez eladmin up to 2.7 and classified as problematic. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-10084. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. This vulnerability is known as CVE-2025-10085. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in fuyang_lipengjun platform 1.0.0. It has been classified as critical. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. This vulnerability is handled as CVE-2025-10086. The attack can be initiated remotely. Additionally, an exploit exists. Affects another part than CVE-2025-9936.

A vulnerability classified as critical has been found in Ditty Plugin up to 3.1.57 on WordPress. Affected by this issue is some unknown functionality. Performing manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2025-8085. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Open Design Alliance CDE inWEB SDK. This impacts an unknown function of the component Setting Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2024-12564. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. It has been declared as critical. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10087. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in Bender CC612, CC613, ICC15xx, ICC16xx and ICC13xx. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is documented as CVE-2025-41708. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Bender CC612, CC613, ICC16xx and ICC13xx up to 5.33.2. This issue affects some unknown processing. The manipulation results in insufficiently protected credentials. This vulnerability is reported as CVE-2025-41682. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Apache Jackrabbit Core and Jackrabbit JCR Commons. The impacted element is an unknown function of the component JNDI Handler. Such manipulation leads to injection. This vulnerability is listed as CVE-2025-58782. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.