Aggregator

A vulnerability was found in Db Soft Lab VImp X 4.8.8.0. It has been classified as very critical. This affects an unknown part of the file VImpX.ocx of the component ActiveX Control. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2008-4749. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Jmds Com Kbase 1.2 and classified as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2008-6166. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Microsoft Windows. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Path Canonicalisation. The manipulation leads to code injection (EclipsedWing). This vulnerability is handled as CVE-2008-4250. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Boka SiteEngine 5.0. It has been rated as problematic. Affected by this issue is the function phpinfo of the file misc.php. The manipulation of the argument action leads to information disclosure. This vulnerability is handled as CVE-2008-7268. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Boka SiteEngine 5.0. This affects an unknown part of the file api.php. The manipulation of the argument forward leads to improper input validation. This vulnerability is uniquely identified as CVE-2008-7269. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Adobe Flash Player up to 11.2.202.548/18.0.0.261/19.0.0.245. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-8415. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Welcome to the Security Weekly Podcast Network, your all-in-one so

Palo Alto Networks warns of potential RCE in PAN-OS management interface

A vulnerability, which was classified as critical, has been found in ZyXEL P-660HW-T1, PMG5318-B20A and NBG-418N. This issue affects some unknown processing. The manipulation of the argument Password with the input 1234 leads to credentials management. The identification of this vulnerability is CVE-2015-6016. The attack may be initiated remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

集微网援引消息来源报道，台积电已向目前所有中国大陆 AI 芯片客户发送正式电子邮件，宣布自下周（11月11日）起，将暂停向中国大陆 AI/GPU 客户供应所有 7 纳米及更先进工艺的芯片。并非所有大陆 IC 设计公司从此以后都无法获得台积电的先进制程工艺支持，目前最新的管控仅限于 AI/GPU 相关，手机、汽车等芯片不在管辖范围内。至于 AI/GPU 相关芯片，则需要等到台积电与美国商务部协商出台具体管控细则，符合条件的芯片依旧有望通过申请许可的方式在台积电继续流片生产。此前“白手套”事件涉及的大陆厂商，其所有 wafer 已被台积电尽数销毁，未来是否还能继续在台积电下单代工尚未可知。

Java 代码解密：使用 Frida 还原 JVMTI Agent 加密保护的java类 & Linux 环境下的Frida 使用

2024/11/08 auth: 橙子酱 [email protected]

从一个奇怪jar开始の奇妙分析

在一次平常的代码审计中，我在尝试反编译一个 JAR 文件，发现大部分的CLASS反编译失败了，返回的结果一片空白

这一定是被什么东西加密了，平常也经常遇到java agent的加密，先检查一下JVM启动参数

我觉得接触车联网更重要的是要先学会CAN总线的知识，所以就从CAN（UDS方向）开始好了，为了避免浪费大家时间，先放出目录：下面正式开始车内CAN通信早期的汽车控制在很久以前车刚被造出来的时候，功能单

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.11.2. Affected by this issue is some unknown functionality of the component asihpi. The manipulation leads to improper validation of array index. This vulnerability is handled as CVE-2024-50007. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mitel MiCollab and MiVoice Business Solution Virtual Instance. This affects an unknown part of the component Desktop Client. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-35314. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Kraftplugins Mega Elements Plugin up to 1.2.6 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-49693. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in RoboSoft Robo Gallery Plugin up to 3.2.21 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-49696. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Spiffy Plugins WP Flow Plus Plugin up to 5.2.3 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-49695. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.4.4. Affected is the function doPPPoE of the file cgi-bin/mainfunction.cgi. The manipulation of the argument table leads to command injection. This vulnerability is traded as CVE-2024-48074. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Brainstorm Force Astra Widgets Plugin up to 1.2.14 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-50439. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in EnvoThemes Envos Elementor Templates & Widgets for WooCommerce Plugin up to 1.4.19 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-50447. It is possible to launch the attack remotely. There is no exploit available.