Aggregator
2025 Latest: Capturing WeChat Mini Program Traffic in an Emulator and Decompiling Mini Programs
1 year 2 months ago
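It took me three full days and nights of configuration before I found a tool with a low barrier to entry that is relatively easy to operate. I want to share it so that everyone can test more effectively.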
Akira
1 year 2 months ago
cohenido
CVE-2022-46101 | AyaCMS 3.1.2 ust_sql.inc.php code injection
1 year 2 months ago
A vulnerability was found in AyaCMS 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ust_sql.inc.php. The manipulation leads to code injection.
This vulnerability is known as CVE-2022-46101. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2022-46102 | AyaCMS 3.1.2 fst_down.inc.php unrestricted upload
1 year 2 months ago
A vulnerability was found in AyaCMS 3.1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /aya/module/admin/fst_down.inc.php. The manipulation leads to unrestricted upload.
This vulnerability is handled as CVE-2022-46102. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2022-47926 | AyaCMS 3.1.2 fst_del.inc.php denial of service
1 year 2 months ago
A vulnerability classified as problematic has been found in AyaCMS 3.1.2. This affects an unknown part of the file /aya/module/admin/fst_del.inc.php. The manipulation leads to denial of service.
This vulnerability is uniquely identified as CVE-2022-47926. The attack must be carried out from within the local network. There is no exploit available.
vuldb.com
CVE-2022-45966 | Classcms 3.5 unrestricted upload
1 year 2 months ago
A vulnerability classified as critical was found in Classcms 3.5. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload.
This vulnerability is known as CVE-2022-45966. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
SecWiki News 2025-04-15 Review
1 year 2 months ago
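Classifying Encrypted Traffic Using Markov Chain Fingerprints by ourren
Classification Analysis of Tor Snowflake Bridge Traffic by ourren
My Thoughts on B2B Cybersecurity by ourren
The (Anti-)EDR Compendium: a learning site for EDR detection and attack techniques by ourren
For more recent articles, visit SecWiki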
GetShared Is Now "GetBypass": Phishing Mimics the Service
1 year 2 months ago
An email with a file, a "Download" button, and then social engineering in action.
Chaos
1 year 2 months ago
cohenido
Wealth Inequality Was Already Shaping Human Societies 10,000 Years Ago
1 year 2 months ago
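A research team led by Washington State University archaeologist Tim Kohler extracted data from more than 47,000 residential buildings at 1,100 archaeological sites worldwide, using house size as a measure of wealth. The analysis shows that wealth inequality began to increase about 1,500 years after the emergence of agriculture in different civilizations around the world. This phenomenon was driven by population growth, competition for land, and the development of hierarchical settlements. The study highlights several key factors behind inequality. As farming communities developed, land became a limited resource, which triggered competition and also spurred productivity-enhancing innovations such as terracing and irrigation. Over time, larger settlements became centers of economic and political activity, and wealth began to concentrate in the hands of a few households. Wealth gaps were especially pronounced in densely populated settlements, which showed greater inequality than small settlements. An important finding of the study is that wealth inequality predates written records, with evidence that wealth gaps existed even in the earliest agricultural societies. By applying the Gini coefficient, the standard measure of inequality, to ancient house sizes, the researchers found that early farming villages were relatively egalitarian. However, as settlements grew larger and more complex, wealth gaps kept widening.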
Public Support Emerges for Chris Krebs, SentinelOne After Trump Memo
1 year 2 months ago
The cybersecurity industry has been conspicuously quiet after President Trump targeted ex-CISA director Chris Krebs and SentinelOne for retribution. However, some voices have risen above the silence to urge support and the need for public pushback.
The post Public Support Emerges for Chris Krebs, SentinelOne After Trump Memo appeared first on Security Boulevard.
Jeffrey Burt
Fedora Linux 42 Released
1 year 2 months ago
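The ultimate answer to life, the universe, and everything, or to the ultimate Linux distribution, is 42. The Fedora Linux distribution has officially released v42. Major changes include GNOME 48, XFCE 4.20, KDE Plasma 6.3, LXQt 2.1, IBus 1.5.32, ibus-libpinyin 1.16, improved Intel SGX support, integration of the Linux DRM Panic screen, Golang 1.24, LLVM 20, PHP 8.4, Ruby 3.4, and more. GNOME 48 in turn improves Wayland and adds HDR support, among other things.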
They Wanted a Job but Got a Trojan: the Hackers Who Breached Bybit Are Targeting Developers
1 year 2 months ago
The lure looks professional, and the trap looks like a Python homework assignment.
CVE-2025-32949 | PeerTube up to 7.1.0 ZIP File data amplification
1 year 2 months ago
A vulnerability, which was classified as critical, has been found in PeerTube up to 7.1.0. Affected by this issue is some unknown functionality of the component ZIP File Handler. The manipulation leads to highly compressed data.
This vulnerability is handled as CVE-2025-32949. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-27980 | cashbook 4.0.3 show Invoice path traversal
1 year 2 months ago
A vulnerability classified as problematic was found in cashbook 4.0.3. Affected by this vulnerability is an unknown functionality of the file /api/entry/flow/invoice/show. The manipulation of the argument Invoice leads to path traversal.
This vulnerability is known as CVE-2025-27980. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-28145 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 /boafrm/formDiskFormat command injection
1 year 2 months ago
A vulnerability classified as critical has been found in Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15. Affected is an unknown function of the file /boafrm/formDiskFormat. The manipulation of the argument partition leads to command injection.
This vulnerability is traded as CVE-2025-28145. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-32947 | PeerTube up to 7.1.0 Inbox Endpoint infinite loop
1 year 2 months ago
A vulnerability was found in PeerTube up to 7.1.0. It has been rated as problematic. This issue affects some unknown processing of the component Inbox Endpoint. The manipulation leads to infinite loop.
The identification of this vulnerability is CVE-2025-32947. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-32948 | PeerTube up to 7.1.0 Inbox Endpoint type confusion
1 year 2 months ago
A vulnerability was found in PeerTube up to 7.1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Inbox Endpoint. The manipulation leads to type confusion.
This vulnerability was named CVE-2025-32948. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Microsoft: Exchange 2016 and 2019 reach end of support in six months
1 year 2 months ago
Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14. [...]
Sergiu Gatlan