Aggregator

主站 分类 漏洞 工具 极客

一场重大网路攻击酿成灾难，下一波攻击又来势汹涌汹涌。

A vulnerability was found in Francisco Burzi PHP-Nuke 5.6. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules.php. The manipulation of the argument bio leads to sql injection. This vulnerability is handled as CVE-2002-1242. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

OpenAI的ChatGPT爬虫似乎能够对任意网站发起分布式拒绝服务（DDoS）攻击，而OpenAI尚未承认这一漏洞。

主站 分类 漏洞 工具 极客

A vulnerability has been found in Pleer wp-twitter-feed 0.3.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file magpie_debug.php. The manipulation of the argument url leads to cross site scripting. This vulnerability was named CVE-2010-4825. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Squiz MySource Matrix 3.28.3 and classified as problematic. This vulnerability affects unknown code of the file char_map.php. The manipulation of the argument width leads to cross site scripting. This vulnerability was named CVE-2010-4901. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in WeBid 0.8.5. Affected by this vulnerability is an unknown functionality of the file confirm.php. The manipulation of the argument id leads to cross site scripting. This vulnerability is known as CVE-2010-4873. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in SmartFTP 2.0/4.0. It has been rated as very critical. This issue affects some unknown processing of the component tftp. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2010-4871. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Windows Server 2008. This vulnerability affects unknown code of the component Color Control Panel. The manipulation leads to untrusted search path. This vulnerability was named CVE-2010-5082. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Blender 2.63a and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to link following. This vulnerability is handled as CVE-2010-5105. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Xymon up to 4.1.x/4.2.x/4.3.24. Affected by this issue is some unknown functionality of the file web/useradm.c of the component xymond. The manipulation of the argument adduser_name leads to command injection. This vulnerability is handled as CVE-2016-2056. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 1.5. This issue affects some unknown processing of the component Javascript Page Loader. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2006-0749. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 1.5. Affected is an unknown function of the component Javascript Garbage Collector. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2006-0749. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Merak Mail Server up to 8.3.x. It has been declared as problematic. This vulnerability affects the function securepath of the file accounts/inc/include.php. The manipulation of the argument lang_settings leads to path traversal. This vulnerability was named CVE-2006-0817. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NullSoft WinAmp 5.12/5.13. It has been rated as very critical. Affected by this issue is the function strncpy. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2006-0720. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in kpdf. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2006-0746. The attack can be initiated remotely. There is no exploit available.

error code: 521

HackerNews 编译，转载请注明出处： 联邦贸易委员会（FTC）周五发布的初步报告中指出，企业根据从消费者数据和行为中收集的信息对商品进行加价，这些信息包括地理位置、人口统计特征、购物习惯，甚至个人在网页上移动鼠标的方式。 该报告基于六家公司——万事达卡、埃森哲、PROS、Bloomreach、Revionics和麦肯锡公司——提供的材料。FTC于7月要求这些公司提供有关其所谓“监控定价”产品的信息。 这六家被调查公司出售的工具使企业能够不断调整价格，让零售商能够基于各种个人特征，通过算法调整并确定向消费者收取的费用。 该报告由FTC即将离任的民主党多数派要求编制，目前仍处于“工作人员观点”阶段，尚未最终确定。即将上任的FTC主席安德鲁·弗格森和共和党成员梅利萨·霍利约克反对发布该报告，称在机构调查结束前不应发布。 根据FTC的新闻稿，由于该委员会要求不得泄露机密商业秘密，因此报告仅提供了假设性示例。 报告也未明确这六家公司各自对消费者进行画像的广泛程度。 新闻稿称，其中一些公司表示，它们能够“根据细致的消费者数据（如化妆品公司针对特定肤质和肤色的促销活动）来确定个性化和差异化的定价及折扣”。 FTC基于这六家公司提供的文件提出的一个假设案例是，一位被标记为新父母的消费者在购买婴儿产品时看到了更高的价格。 FTC表示，这六家研究公司服务的客户多达250家，涵盖从杂货店到服装连锁店的各类企业。 即将离任的主席莉娜·可汗在一份声明中表示：“FTC应继续调查监控定价行为，因为美国人有权了解自己的个人数据是如何被用来设定他们支付的价格的，以及企业是否为同一商品或服务向不同的人收取不同价格。” 该委员会呼吁消费者和企业发表公开评论，详细说明监控定价对他们造成的影响。 六家公司中只有两家回应了置评请求。 旗下拥有Recorded Future News的万事达卡的一位发言人表示，公司正在审查刚刚发布的报告。 该发言人说：“我们不提供监控定价服务。我们的服务和平台帮助我们的客户更好地了解与其业务相关的趋势和见解。” Revionics的一位发言人说，该公司没有开发“针对特定个人推荐定价的软件。Revionics在任何情况下都不会使用个人消费者数据。” 该发言人说：“Revionics的人工智能价格优化软件在向零售商推荐最优价格时，会考虑众多市场层面的因素。通过使用人工智能，Revionics帮助零售商确定一个对消费者和零售商都有利的价格。” FTC指出，这六家公司中的一些“反对将其提供的工具描述为旨在或用于为消费者设定个性化价格或实现监控定价”。   消息来源：The Record, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability has been found in HP Systems Insight Manager up to 7.4.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2015-5403. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.