Aggregator

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Privacy / Data ProtectionThe U.S. Department of Justice (DoJ), along with the Federal Trade Commis

The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others on the service. They

​TideInspire(潮启)是由新潮信息Tide安全团队自研推出的一款移动端安全管控平台。通过利用该平台获取的数据，进而对山东省移动应用数量、恶意仿冒应用分布情况，安全漏洞数量等九个方面进行总结与展示。

关键词Cloudflare黑客如何利用Cloudflare隧道传播恶意软件在当今网络安全形势日益严峻的背景下，

关键词DNS劫持在 Sitting Ducks 攻击中，网络犯罪分子利用注册商一级的配置缺陷和 DNS 提供商

关键词网络身份证近日，公安部、国家互联网信息办公室发布《国家网络身份认证公共服务管理办法（征求意见稿）》（简称

很多人问我你日站是用手工还是工具扫？我觉得两者同时进行效率会高些，所谓双管齐下，无站不破，当然还得看人品。前段时间经常日有颜色的站，懂得都懂，emmm哈哈哈，但都是套路，跟bc又密不可分。于是就按着套

A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the argument row[url]/row[imagewidth]/row[imageheight] leads to cross site scripting. This vulnerability was named CVE-2024-7453. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file view_company.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-7452. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file apply_now.php. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-7451. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted upload. This vulnerability is known as CVE-2024-7450. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument email leads to sql injection. This vulnerability is traded as CVE-2024-7449. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in FFmpeg 402d98c9d467dff6931d906ebb732b9a00334e0b. This issue affects the function jpegxl_collect_codestream_header of the file FFmpeg/libavformat/jpegxl_anim_dec.c. The manipulation leads to use after free. The attack may be initiated remotely. Furthermore, there is an exploit available. Affects random checkout which is not eligible for a CVE assignment according to MITRE definitions.

A vulnerability classified as critical was found in FFmpeg 402d98c9d467dff6931d906ebb732b9a00334e0b. This vulnerability affects the function get_bits_long in the library FFmpeg/libavcodec/get_bits.h. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. Furthermore, there is an exploit available. Affects random checkout which is not eligible for a CVE assignment according to MITRE definitions. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Quiz and Survey Master Plugin up to 9.0.x on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6390. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in UsersWP Plugin up to 1.2.11 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Export Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-6477. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

为进一步了解安全行业动态，推动安全行业发展，数世传媒将对行业中各类活动进行整理汇总，供业内各界了解关注。

鉴于最近一系列大规模勒索软件攻击席卷了各行各业，思科Talos想重新审视一下顶级勒索软件组织目前的现状。