Aggregator
Submit #558283: https://gitee.com/playeduxyz/playedu v1.8 SSRF [Accepted]
1 year 1 month ago
Submit #558283 / VDB-306365
keke
CVE-2025-4011 | Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query Name cross site scripting (Issue 42238)
1 year 1 month ago
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting.
This vulnerability was named CVE-2025-4011. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-46286 | VISAM VBASE Automation Base up to 11.7.4 File xml external entity reference (icsa-23-080-05)
1 year 1 month ago
A vulnerability was found in VISAM VBASE Automation Base up to 11.7.4 and classified as problematic. Affected by this issue is some unknown functionality of the component File Handler. The manipulation leads to xml external entity reference.
This vulnerability is handled as CVE-2022-46286. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-46300 | VISAM VBASE Automation Base up to 11.7.4 File xml external entity reference (icsa-23-080-05)
1 year 1 month ago
A vulnerability was found in VISAM VBASE Automation Base up to 11.7.4. It has been classified as problematic. This affects an unknown part of the component File Handler. The manipulation leads to xml external entity reference.
This vulnerability is uniquely identified as CVE-2022-46300. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1567 | SourceCodester Student Study Center Desk Management System 1.0 /admin/assign/assign.php sid cross site scripting
1 year 1 month ago
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross site scripting.
The identification of this vulnerability is CVE-2023-1567. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2023-1568 | SourceCodester Student Study Center Desk Management System 1.0 GET Parameter /admin/reports/index.php date_to cross site scripting
1 year 1 month ago
A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument date_to leads to cross site scripting.
This vulnerability is traded as CVE-2023-1568. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2023-1609 | Zhong Bang CRMEB Java up to 1.3.4 save cross site scripting (Issue 12)
1 year 1 month ago
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function Save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2023-1609. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2023-28439 | CKeditor4 up to 4.20.x Instance Destroying cross site scripting (GHSA-vh5c-xwqv-cv9g / Nessus ID 209246)
1 year 1 month ago
A vulnerability classified as problematic has been found in CKeditor4 up to 4.20.x. This affects an unknown part of the component Instance Destroying. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2023-28439. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #558240: Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation [Accepted]
1 year 1 month ago
Submit #558240 / VDB-306364
hauvcp
4chan is back online
1 year 1 month ago
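After more than a week offline following a hack, 4chan has come back online. The official blog explained the reason for the outage: a hacker using a UK IP address compromised its server by means of an uploaded malicious PDF (exploiting a vulnerability in a 2012 version of Ghostscript), gaining access to the database and the administrative control panel. The attacker then spent several hours stealing database tables and most of the source code, and afterwards began vandalizing the site. To prevent the attacker from doing further damage to the site, the administrators shut down the servers. 4chan acknowledged that the intrusion happened because it had not updated its operating system and code in time, pleading that it lacks staff and funds; one reason is that few advertisers and payment providers are willing to support 4chan. 4chan founder Chris "Moot" Poole sold 4chan in 2015 for an undisclosed price to 2ch founder Hiroyuki Nishimura, and since then neither the servers nor the site code had been updated. While the site was down, the 4chan development team updated the operating system and code, disabled PDF uploads, and closed the /f/ - Flash board, because there is currently no practical way to prevent similar attacks using .swf files. 4chan said that because no site can replace it, it will not give up no matter how hard things get.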
[Intelligence material] New US CIA Director John Ratcliffe's hearing responses
1 year 1 month ago
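Today we are sharing the answers given by the new US CIA Director, John Ratcliffe, when questioned at the Senate Intelligence Committee hearing. There are 122 questions in total.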
CVE-2023-28650 | SAUTER EY-AS525F001 cross site scripting (icsa-23-082-03)
1 year 1 month ago
A vulnerability was found in SAUTER EY-AS525F001 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2023-28650. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2023-28655 | SAUTER EY-AS525F001 cross site scripting (icsa-23-082-03)
1 year 1 month ago
A vulnerability was found in SAUTER EY-AS525F001. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2023-28655. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-22300 | SAUTER EY-AS525F001 cross site scripting (icsa-23-082-03)
1 year 1 month ago
A vulnerability was found in SAUTER EY-AS525F001. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2023-22300. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2023-28335 | Moodle Template Reset cross-site request forgery
1 year 1 month ago
A vulnerability classified as problematic was found in Moodle. This vulnerability affects unknown code of the component Template Reset. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2023-28335. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2023-26359 | Adobe ColdFusion up to 2018 Update 15/2021 Update 5 deserialization (apsb23-25)
1 year 1 month ago
A vulnerability, which was classified as critical, has been found in Adobe ColdFusion up to 2018 Update 15/2021 Update 5. This issue affects some unknown processing. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2023-26359. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2013-3174 | Microsoft Windows GIF DirectShow code injection (ms13-jul / MS13-JUL)
1 year 1 month ago
A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component GIF DirectShow Handler. The manipulation leads to code injection.
This vulnerability is handled as CVE-2013-3174. The attack needs to be approached within the local network. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2022-46812 | Thank You Page Customizer for WooCommerce Plugin up to 1.0.13 on WordPress send_email cross-site request forgery
1 year 1 month ago
A vulnerability was found in Thank You Page Customizer for WooCommerce Plugin up to 1.0.13 on WordPress. It has been classified as problematic. This affects the function send_email. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2022-46812. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-28286 | Microsoft Edge Remote Code Execution
1 year 1 month ago
A vulnerability was found in Microsoft Edge. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to Remote Code Execution.
This vulnerability is known as CVE-2023-28286. The attack can be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com