Aggregator

HackerNews 编译，转载请注明出处： 网络安全研究人员发出警告，Python软件包索引（PyPI）仓库正遭遇恶意攻击，不法分子利用伪装成“时间”相关工具的虚假库，暗藏窃取云访问令牌等敏感数据的功能。 软件供应链安全公司ReversingLabs发现，共有20个恶意软件包，分为两组。这些软件包累计下载量已超过14100次，具体如下： – snapshot-photo（2448次下载） – time-check-server（316次下载） – time-check-server-get（178次下载） – time-server-analysis（144次下载） – time-server-analyzer（74次下载） – time-server-test（155次下载） – time-service-checker（151次下载） – aclient-sdk（120次下载） – acloud-client（5496次下载） – acloud-clients（198次下载） – acloud-client-uses（294次下载） – alicloud-client（622次下载） – alicloud-client-sdk（206次下载） – amzclients-sdk（100次下载） – awsc1oud-clients-core（206次下载） – credential-python-sdk（1155次下载） – enumer-iam（1254次下载） – tclients-sdk（173次下载） – tcloud-python-sdks（98次下载） – tcloud-python-test（793次下载） 第一组软件包用于将数据上传至攻击者的基础设施，第二组则为多个云服务（如阿里云、亚马逊网络服务和腾讯云）实现客户端功能，但它们也被用于窃取云机密。 目前，所有已识别的软件包在撰写本文时已从PyPI中移除。 进一步分析发现，其中三个软件包（acloud-client、enumer-iam和tcloud-python-test）被列为一个相对受欢迎的GitHub项目“accesskey_tools”的依赖项，该项目已被 fork 42次，获得519颗星。 tcloud-python-test的源代码提交可追溯至2023年11月8日，表明该软件包自那时起便可在PyPI上下载，据pepy.tech统计，该软件包至今已被下载793次。 与此同时，Fortinet FortiGuard Labs披露，在PyPI和npm上发现了数千个软件包，其中一些被发现嵌入可疑的安装脚本，这些脚本旨在安装时部署恶意代码或与外部服务器通信。 “可疑的URL是识别潜在恶意软件包的关键指标，因为它们常被用于下载额外的有效载荷或与命令与控制（C&C）服务器建立通信，从而让攻击者控制受感染的系统。”Jenna Wang表示。 “在974个软件包中，这些URL与数据窃取、进一步恶意软件下载和其他恶意行为的风险相关。对软件包依赖项中的外部URL进行严格审查和监控至关重要，以防止被利用。”   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in MICROSYS PROMOTIC. Affected is an unknown function of the component ActiveX. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2011-4520. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Project Alumni 1.0.9. It has been rated as critical. This issue affects some unknown processing of the file info.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2008-2118. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. This vulnerability was named CVE-2025-2351. The attack can be initiated remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The identification of this vulnerability is CVE-2025-2352. The attack may be initiated remotely. Furthermore, there is an exploit available. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_id/plane_icao leads to sql injection. This vulnerability is traded as CVE-2025-2353. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vam/index.php. The manipulation of the argument registry_id/plane_icao/hub_id leads to cross site scripting. This vulnerability is known as CVE-2025-2354. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as very critical, was found in Oracle Solaris 10/11. Affected is the function parse_user_name of the component Pluggable authentication module. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2020-14871. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP Lab WP-Lister Lite for Amazon Plugin up to 2.6.16 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-37261. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Maciej Bis Permalink Manager Lite Plugin up to 2.4.3.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component During Web Page. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-37257. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Vsourz Digital All In One Redirection Plugin up to 2.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-37245. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ninja Team Ninja Beaver Add-ons for Beaver Builder Plugin up to 2.4.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-37244. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Jethin Gallery Slideshow Plugin up to 1.4.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-37246. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Ankitects Anki 24.04. This affects an unknown part of the component Flashcard Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2024-26020. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Ankitects Anki 24.04 and classified as problematic. This issue affects some unknown processing of the component Latex. The manipulation leads to inclusion of functionality from untrusted control sphere. The identification of this vulnerability is CVE-2024-29073. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Ankitects Anki 24.04. It has been classified as problematic. Affected is an unknown function of the component LaTeX. The manipulation leads to incomplete blacklist. This vulnerability is traded as CVE-2024-32152. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in JetBrains TeamCity and classified as problematic. This vulnerability affects unknown code of the component OAuth. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability was named CVE-2024-41829. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in JetBrains TeamCity and classified as problematic. This issue affects some unknown processing of the component Code Inspection Tab. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-41825. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in JetBrains TeamCity. It has been classified as problematic. Affected is an unknown function of the component Show Connection Page. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-41826. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.