Aggregator

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. This vulnerability is known as CVE-2024-10447. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. This vulnerability is traded as CVE-2024-10446. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #432501 / VDB-282008

Gentoo 发行版项目宣布引入了用于动态跟踪内核或用户空间程序的工具 DTrace，只需要安装软件包 dev-debug/dtrace，最新发行版内核已经启用了所有必要的内核选项。DTrace 源自于 Sun Microsystems 的 Solaris Unix 系统，是一种全面的动态跟踪框架，用于实时排除生产系统上的内核和应用问题，它已经被移植到了类 Unix 系统如 Linux。 DTrace 可用于获取运行中系统的全局概览，如活动进程使用的内存量、CPU 时间、文件系统和网络资源。它还可提供更细粒度信息，如调用特定函数时所用参数的日志，或访问特定文件的进程列表。

Submit #432372 / VDB-282007

Submit #432371 / VDB-282006

23 октября Грег Кроа-Хартман, один из ведущих разработчиков ядра Linux, уволил 11 специалистов из РФ.

A vulnerability classified as critical has been found in Barracuda Networks Barracuda Spam Firewall 3.1.16. This affects an unknown part of the file img.pl of the component Firmware. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2005-2847. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into this; we have to get ourselves out.” Geopolitical tensions are rising worldwide, attacks are becoming increasingly sophisticated, and nation-state threats on US organizations and critical infrastructure are at an all-time high. As we prepare to … More →

The post A good cyber leader prioritizes the greater good appeared first on Help Net Security.

今年10月底开始，香港将禁止公务员在办公电脑上使用包括微信、WhatsApp Web和Google Drive在内的云存储及即时通讯服务。

A vulnerability classified as critical was found in Apple iOS up to 10.2. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2407. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GDidees CMS up to 3.9.1. It has been rated as problematic. This issue affects some unknown processing of the file /_admin/imgdownload.php. The manipulation of the argument filename leads to information disclosure. The identification of this vulnerability is CVE-2023-27179. Access to the local network is required for this attack. Furthermore, there is an exploit available.

0x01 写在前面前段时间在字节 CTF 的大师赛上出了一个杂项，算是前段时间研究某个中间件的衍生产物，觉得很有兴趣，最近有时间便拿出来分享一下出题思路0x02 小玩笑当今时代，消息中间件已成为...

A vulnerability, which was classified as critical, was found in EZCMS EZTechhelp EZCMS up to 1.2. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2008-2920. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in xeCMS 1.0/1.0.0. It has been classified as critical. Affected is an unknown function of the file admin.php. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2008-6714. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Red Hat Fedora 6/7/8. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper resource management. This vulnerability is known as CVE-2007-5962. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Application Dynamics Cartweaver 3.0. This vulnerability affects unknown code of the file details.php. The manipulation of the argument prodId leads to sql injection. This vulnerability was named CVE-2008-2918. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in T0pp8uzz Dana IRC client up to 1.1 and classified as critical. Affected by this issue is some unknown functionality of the component IRC Client. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2008-2922. The attack may be launched remotely. Furthermore, there is an exploit available.

图 1 是利用墨菲安全的 jar 检测，快速梳理有漏洞组件的 jar 包图 2、图 3 是快速审计漏洞的时候，需要关注一下web.xml或者xxx Service.xml中的特殊 servlet...

In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes security and better protect containerized environments. What are the most common vulnerabilities in Kubernetes clusters today, and how can they be mitigated effectively? Kubernetes has made significant progress in security since its inception ten years ago. Security isn’t an afterthought in … More →

The post How isolation technologies are shaping the future of Kubernetes security appeared first on Help Net Security.