Aggregator

A vulnerability has been found in Imperva SecureSphere MX Management Server 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2008-1463. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in phpSquidPass up to 0.1. It has been rated as problematic. This issue affects some unknown processing of the file Index.PHP of the component Regular Expression Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2002-2175. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

一项新的研究表明，新西兰本土石蝇已经改变了颜色，以应对人类驱动的环境变化。研究报告发表在《科学》期刊上。论文通讯作者、奥塔哥大学的 Jonathan M. Waters 教授说，由于最近的森林砍伐，石蝇已经变成了一种不同的颜色。“在天然森林地区，一种本地物种进化出了模仿有毒森林物种的‘警告’颜色，以欺骗捕食者，让他们认为它们也有毒。“但自从人类到来以来，森林的砍伐已经消除了有毒物种。因此，在森林被砍伐的地区，模仿物种放弃了这一策略——因为没有什么可以模仿的——而是进化成不同的颜色。”人类引起的进化最著名的例子是英国的胡椒蛾种群，它们在19世纪因工业污染而改变了颜色。

Адвокаты называют доказательства спорными, но приговор оставлен в силе.

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-10450. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Moxa TN-5900 up to 3.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to command injection. This vulnerability is handled as CVE-2023-34215. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Moxa TN-5900 up to 3.3. It has been classified as very critical. This affects an unknown part of the component Web API. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-33237. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Moxa MXsecurity up to 1.0.0. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2023-39981. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #432614 / VDB-282010

A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10449. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. This vulnerability is handled as CVE-2024-10448. The attack may be launched remotely. Furthermore, there is an exploit available. Other endpoints might be affected as well.

Submit #432564 / VDB-282009

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. This vulnerability is known as CVE-2024-10447. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. This vulnerability is traded as CVE-2024-10446. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #432501 / VDB-282008

Gentoo 发行版项目宣布引入了用于动态跟踪内核或用户空间程序的工具 DTrace，只需要安装软件包 dev-debug/dtrace，最新发行版内核已经启用了所有必要的内核选项。DTrace 源自于 Sun Microsystems 的 Solaris Unix 系统，是一种全面的动态跟踪框架，用于实时排除生产系统上的内核和应用问题，它已经被移植到了类 Unix 系统如 Linux。 DTrace 可用于获取运行中系统的全局概览，如活动进程使用的内存量、CPU 时间、文件系统和网络资源。它还可提供更细粒度信息，如调用特定函数时所用参数的日志，或访问特定文件的进程列表。

Submit #432372 / VDB-282007

Submit #432371 / VDB-282006

23 октября Грег Кроа-Хартман, один из ведущих разработчиков ядра Linux, уволил 11 специалистов из РФ.

A vulnerability classified as critical has been found in Barracuda Networks Barracuda Spam Firewall 3.1.16. This affects an unknown part of the file img.pl of the component Firmware. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2005-2847. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.