Aggregator

CVE-2024-21545 | Proxmox pve-manager handle_api2_request file inclusion

1 year 8 months ago

A vulnerability was found in Proxmox pve-manager, libpve-storage-perl, libpve-http-server-perl, pmg-api and libpve-common-perl and classified as problematic. This issue affects the function handle_api2_request. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2024-21545. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-8914 | haibasoft Thanh Toán Quét Mã QR Code Tự Động Plugin up to 2.0.1 on WordPress wp_kses_allowed_html onclick cross site scripting

VulDB Recent Entries

1 year 8 months ago

A vulnerability has been found in haibasoft Thanh Toán Quét Mã QR Code Tự Động Plugin up to 2.0.1 on WordPress and classified as problematic. This vulnerability affects the function wp_kses_allowed_html. The manipulation of the argument onclick leads to cross site scripting. This vulnerability was named CVE-2024-8914. The attack can be initiated remotely. There is no exploit available.

vuldb.com

JVN: Apache Tomcat Connector（mod_jk）における不適切なデフォルトパーミッションの脆弱性

統合版 JPCERT/CC

1 year 8 months ago

Apache Tomcat Connector（mod_jk）には不適切なデフォルトパーミッションの脆弱性が存在します。

CVE-2014-6974 | MifaShow Hairstyles 3.7 X.509 Certificate cryptographic issues (VU#582497)

Vuldb Updates

1 year 8 months ago

A vulnerability was found in MifaShow Hairstyles 3.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6974. Access to the local network is required for this attack. There is no exploit available.

vuldb.com

CVE-2014-6973 | Akronchildrens Care4Kids 1.03 X.509 Certificate cryptographic issues (VU#582497)

Vuldb Updates

1 year 8 months ago

A vulnerability was found in Akronchildrens Care4Kids 1.03. It has been classified as critical. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6973. The attack needs to be initiated within the local network. There is no exploit available.

vuldb.com

От баннеров до ТВ: Гонконг начал кибервойну с Китаем за независимость

Securitylab.ru

1 year 8 months ago

Цифровые войска Anonymous 64 продвигают идею свободы среди китайского населения.

CVE-2007-3530 | PHPDirector 0.21 config.php information disclosure (EDB-4139 / XFDB-35222)

Vuldb Updates

1 year 8 months ago

A vulnerability was found in PHPDirector 0.21. It has been classified as critical. Affected is an unknown function of the file config.php. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2007-3530. Attacking locally is a requirement. Furthermore, there is an exploit available.

vuldb.com

CVE-2007-3529 | PHPDirector 0.21 Error Message videos.php id[] information disclosure (EDB-4139 / XFDB-35221)

Vuldb Updates

1 year 8 months ago

A vulnerability was found in PHPDirector 0.21 and classified as critical. This issue affects some unknown processing of the file videos.php of the component Error Message Handler. The manipulation of the argument id[] leads to information disclosure. The identification of this vulnerability is CVE-2007-3529. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

Telegram 将向政府提供 IP 和电话号码等数据

Solidot

1 year 8 months ago

Telegram CEO Pavel Durov 表示，该公司将根据有效的法律请求向有关当局提供用户的 IP 地址和电话号码。Durov 在 Telegram 上发帖称，为阻止犯罪分子滥用该平台，它修改了服务条款。此举是在他于法国被捕不到一个月后做出的，他面临共谋传播儿童色情材料等的指控。总部位于阿联酋的 Telegram 以内容审核宽松著称，通常对各国政府的删除请求不予理睬，也经常无视犯罪嫌疑人的信息披露请求。

CVE-2007-3563 | Avscripts AV Arcade 2.1b index.php id sql injection (EDB-4138 / XFDB-35209)

Vuldb Updates

1 year 8 months ago

A vulnerability classified as critical has been found in Avscripts AV Arcade 2.1b. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2007-3563. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

vuldb.com

US proposes ban on connected vehicle tech from China, Russia

不安全

1 year 8 months ago

error code: 1106

CVE-2014-6972 | Kazakhstan Radio 2.5 X.509 Certificate cryptographic issues (VU#582497)

Vuldb Updates

1 year 8 months ago

A vulnerability was found in Kazakhstan Radio 2.5 and classified as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6972. The attack needs to be done within the local network. There is no exploit available.

vuldb.com

警惕风险突出的100个高危漏洞

安全牛

1 year 8 months ago

高危漏洞是网络系统可能被黑客利用以进行非法访问、数据窃取或系统破坏的严重安全缺陷。每一个操作系统、网络应用都可 […]

aqniu

锁定3人！国家安全部门立案侦察“台独”网军“匿名者64”；中证协发布《证券公司网络安全事件舆情处置示范案例》 | 牛览

安全牛

1 year 8 months ago

新闻速览 •锁定3人！国家安全部门立案侦察“台独”网军“匿名者64” •中证协发布《证券公司网络安全事件舆情处 […]

aqniu

活动预告 | 《新一代网络安全服务应用指南（2024版）》线上发布会即将举办

安全牛

1 year 8 months ago

当前，我国企业组织的网络安全能力建设正在不断深化，由以产品为主的网络安全能力建设，逐渐演变到围绕数字化应用系统 […]

aqniu

新场景安全需求快速释放，A股市场网络安全板块性价比凸显；德勤因服务器配置不当遭入侵，大量内部通讯信息或泄露 | 牛览

安全牛

1 year 8 months ago

新闻速览 •新场景安全需求快速释放，A股市场网络安全板块性价比凸显 •Tor回应其匿名性遭破解，仍坚称是在线隐 […]

aqniu

CVE-2022-31470 | Axigen Mobile WebMail prior 10.2.3.12/10.3.3.47 reset-password index_mobile_changepass.hsp cross site scripting (EDB-51722)

Vuldb Updates

1 year 8 months ago

A vulnerability classified as problematic was found in Axigen Mobile WebMail. This vulnerability affects unknown code of the file index_mobile_changepass.hsp of the component reset-password. The manipulation leads to cross site scripting. This vulnerability was named CVE-2022-31470. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

vuldb.com

Inside a ferroelectric RAM chip

不安全

1 year 8 months ago

CVE-2016-6593 | Symantec VIP Access Desktop up to 2.2.1 Startup Library privileges management (ID 370253 / BID-94731)

Vuldb Updates

1 year 8 months ago

A vulnerability was found in Symantec VIP Access Desktop up to 2.2.1. It has been rated as problematic. This issue affects some unknown processing of the component Startup. The manipulation leads to improper privilege management (Library). The identification of this vulnerability is CVE-2016-6593. The attack needs to be approached locally. There is no exploit available.

vuldb.com

最具成长潜力奖！2024中国互联网发展创新与投资大赛（深圳）落幕，爱加密载誉而归

嘶吼

1 year 8 months ago

近日，由中央网信办信息化发展局、广东省委网信办指导，中国互联网发展基金会、中国互联网投资基金、深圳市委网信办联合主办的2024中国互联网发展创新与投资大赛（深圳）正式落幕。

本次大赛共有508个项目报名参赛，经过4个月21场精彩路演角逐，爱加密为现场观众带来了一场紧扣国际互联网科技发展前沿、紧贴“新质生产力”发展趋势的“知识盛宴”，成功征服众多专业评委，从500余项目中脱颖而出，荣获“最具成长潜力奖”！

本届大赛以“‘湾’有引力新引擎，数实融合新征程”为主题，重点围绕人工智能、数字安全等“未来产业”领域赛道开展，着力发掘和培育新质生产力。

爱加密移动应用个人信息合规专家检测平台是针对移动应用、SDK和小程序中出现个人信息的非法收集、滥用、泄露等严重问题，覆盖全量法律法规和监管要求，为测评机构、应用开发企业等推出的半自动化合规专家检测平台。

该平台针对移动应用的基本信息、漏洞信息、收集和使用个人信息行为、通讯传输行为、软件和技术供应链情况、技术脆弱性、隐私政策规范性等进行全量多维度的安全合规检测，通过对合规测评全流程标准化管理，降低安全服务工程师的使用门槛和培训成本；通过集成必要的行为和通信数据监测工具、SDK引擎工具、截图工具、报告生成工具等，降低传统人工测评的时间消耗，提升测评效率和准确性，并出具专业的个人信息安全测评报告。平台从应用检测、政策解读、违规整改到证据存留，全方位赋能各类型移动应用互联网运营者和测评机构，有效降低APP、小程序违规收集使用个人信息的风险，助力APP、小程序和平台长久运营。

爱加密始终以卓越的服务能力和强大的技术实力领跑行业。AI、技术、数据三位一体循环驱动，产品服务一体两翼协同发展，打造主动安全生态，守护智能数字世界！不仅屡夺大奖，更长期参与各类国家标准、行业标准及团体标准的起草工作，已发布《移动互联网应用程序（App）个人信息安全测评规范》《互联网医疗健康移动应用软件（APP）个人信息保护技术要求》《儿童智能手表个人信息和权益保护指南》《移动互联网应用SDK个人信息安全评估方法》等标准。致力于通过优质的核心技术，帮助企业、监管机构、测评机构等实现移动应用的合法合规，从行业实践角度着手大力推动我国移动应用个人信息安全保护生态的良好发展。

爱加密

Aggregator

Managed ad